
7 matches found

Positive Technologies
added 2025/05/29 12:0 a.m. · 2 views

PT-2025-23222 · Phpoffice · Phpoffice Math

Name of the Vulnerable Software and Affected Versions: PHPOffice Math versions prior to 0.3.0 Description: The issue allows an attacker to create a special XML file that, when processed, loads external entities, enabling the reading of local server files. This is due to the use of the libxml...

CVSS 8.7 · AI score 6.1 · EPSS 0.00417
Exploits 0 · References 12
OSV
added 2024/05/30 1:10 p.m. · 10 views

GHSA-4VF2-QFG3-7598 symfony/validator XML Entity Expansion vulnerability

Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...

CVSS 7.5 · AI score 7.2
Exploits 0 · References 4
Positive Technologies
added 2024/05/30 12:0 a.m. · 2 views

PT-2024-40262 · Symfony +2 · Symfony +2

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to the latest version Description: The issue concerns XML Entity Expansion (XEE) attacks, which can lead to Denial Of Service attacks against a host's RAM. This is due to the lack of a method to disable custom entities in...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 5
OSV
added 2016/05/22 1:59 a.m. · 1 views

UBUNTU-CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML...

CVSS 9.6 · AI score 7.2 · EPSS 0.04026
Exploits 1 · References 5
CNVD
added 2016/04/26 12:0 a.m. · 2 views

PHP 'libxml_disable_entity_loader()' Denial of Service Vulnerability

PHP is an open source general-purpose computer scripting language. PHP threads can share the 'libxml_disable_entity_loader' setting, allowing remote attackers to exploit the vulnerability by submitting XML external entity injections and entity extensions to crash the application...

CVSS 9.6 · AI score 8.5 · EPSS 0.04026
Exploits 1 · References 1
OSV
added 2016/04/21 3:16 p.m. · 3 views

USN-2952-1 php5 vulnerabilities

It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote...

CVSS 10 · AI score 7 · EPSS 0.35438
Exploits 9 · References 9
Tenable Nessus
added 2015/03/05 12:0 a.m. · 261 views

Fedora 20 : php-5.5.22-1.fc20 (2015-2328)

19 Feb 2015, PHP 5.5.22 Core : - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68925 Mitigation for CVE-2015-0235 ' GHOST: glibc gethostbyname buffer overflow. Stas - Fixed bug 68942 Use after free vulnerability in unserialize with...

CVSS 10 · AI score 7.7 · EPSS 0.94859
Exploits 38 · References 1