Lucene search
+L

356 matches found

CNNVD
CNNVD
added 2025/09/08 12:0 a.m.6 views

Jinher OA 代码问题漏洞

Jinher OA is a collaborative management software from Jinher, China. A code issue vulnerability exists in Jinher OA 1.2 and earlier versions, which originates from an XML external entity reference vulnerability in the /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx file...

9.8CVSS7.5AI score0.00506EPSS
Exploits1References5
ICS
ICS
added 2025/09/02 6:0 a.m.6 views

Delta Electronics EIP Builder

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially process dangerous external entities, resulting in disclosure of sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

5.5CVSS6.4AI score0.00171EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreePlane version 1.5.9 and earlier contains a XML External Entity XXE vulnerability in XML Parser in mindmap loader that can result in stealing data from...

5.5CVSS5.6AI score0.02297EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JabRef version =4.3.1 contains a XML External Entity XXE vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of...

10CVSS8.1AI score0.01937EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/08/21 12:0 a.m.13 views

Apache Tika 1.13 - 3.2.1 XXE Vulnerability

Apache Tika is prone to an XML external entity XXE vulnerability in the tika-parser-pdf-module. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.8CVSS8.5AI score0.79807EPSS
Exploits6References5
Debian CVE
Debian CVE
added 2025/08/20 8:8 p.m.18 views

CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

9.8CVSS7.8AI score0.02962EPSS
Exploits4
CVE
CVE
added 2025/08/20 8:8 p.m.164 views

CVE-2025-54988

This CVE-2025-54988 vulnerability is an XXE in Apache Tika affecting tika-core/tika-pdf-module/tika-parsers, allowing XML External Entity injection via a crafted XFA PDF. The NVD entry covers Apache Tika 1.13–3.2.1 with a fix in 3.2.2; UAs may read sensitive data or trigger internal requests. Sev...

9.8CVSS7.1AI score0.02962EPSS
Exploits4References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-13031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LemonLDAP::NG before 1.9.20 has an XML External Entity XXE issue when submitting a notification to the notification server. By default, the notification server ...

8.1CVSS7.2AI score0.01934EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.9 views

PT-2025-33724 · Lexmark · Lexmark Printer Drivers

Name of the Vulnerable Software and Affected Versions: Lexmark printer drivers for Windows affected versions not specified Description: The software contains an improper restriction of XML External Entity XXE references. This allows an attacker to disclose sensitive information to an arbitrary UR...

8.2CVSS6.7AI score0.00139EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 10:29 a.m.10 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

6.8CVSS7.4AI score0.02164EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/14 3:49 p.m.13 views

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to trigger a denial of...

4.9CVSS7AI score0.00643EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/08/14 1:55 a.m.247 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

Cosmic Sting: CVE-2024-34102 Exploiter Cosmic Sting is a Go-b...

9.8CVSS8.3AI score0.99994EPSS
Exploits26
Tenable Nessus
Tenable Nessus
added 2025/08/13 12:0 a.m.6 views

Dell Storage Manager XXE (CVE-2025-22478)

Binary data dellstoragemanagercve-2025-22478.nbin...

8.1CVSS7.3AI score0.00235EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/08/12 12:45 p.m.3 views

Security update for eclipse-jgit

This update for eclipse-jgit fixes the following issues: CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class bsc1243647. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...

4.8CVSS7AI score0.0104EPSS
Exploits1References4
ICS
ICS
added 2025/08/12 12:0 a.m.16 views

Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER

SUMMARY SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions...

6.8CVSS7.6AI score0.00172EPSS
Exploits0References10
OSV
OSV
added 2025/08/11 9:34 p.m.9 views

CVE-2025-54992 OpenKilda XXE in SAML configuration

OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity XXE injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is...

6.9CVSS7.1AI score0.00406EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.6 views

TencentOS Server 2: expat (TSSA-2025:0543)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0543 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

9.8CVSS8.4AI score0.09051EPSS
Exploits1References3
CISA KEV Catalog
CISA KEV Catalog
added 2025/07/22 12:0 a.m.10 views

SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...

9.3CVSS9.5AI score0.5461EPSS
In wildExploits1
NVD
NVD
added 2025/07/21 5:15 p.m.5 views

CVE-2025-36603

Dell AppSync, versions 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering...

4.8CVSS0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/19 12:0 a.m.18 views

Jinher OA 代码问题漏洞

Jinher OA is a collaborative management software from China Jinher Jinher Company. A code issue vulnerability exists in Jinher OA version 1.1, which stems from an incorrect operation of the file XmlHttp.aspx resulting in an XML external entity reference...

9.8CVSS7.6AI score0.00483EPSS
Exploits1References5
Rows per page
Query Builder