Lucene search
K

214 matches found

Vulnrichment
Vulnrichment
added 2024/06/13 9:4 a.m.118 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS7.4AI score0.99994EPSS
Exploits26References2
OSV
OSV
added 2024/06/13 9:4 a.m.33 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS9.7AI score0.99994EPSS
Exploits26References5
Cvelist
Cvelist
added 2024/06/13 9:4 a.m.67 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS0.99994EPSS
Exploits26References2
CVE
CVE
added 2024/06/13 9:4 a.m.371 views

CVE-2024-34102

CVE-2024-34102 is an XXE vulnerability in Adobe Commerce/Magento Open Source that allows remote code execution. The issue affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, via improper restriction of XML external entity references. Exploitation can occur without use...

9.8CVSS9.6AI score0.99994EPSS
In wildExploits26References3Affected Software3
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.26 views

RHEL 7 : apache-ivy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-ivy: Directory Traversal CVE-2022-37865 - Improper Restriction of XML External Entity Reference, X...

9.6AI score0.01855EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/09 2:56 p.m.16 views

CVE-2024-34345 @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1...

8.1CVSS7AI score0.00925EPSS
Exploits0References3
NVD
NVD
added 2024/03/22 7:15 p.m.19 views

CVE-2024-2826

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

8.8CVSS6.5AI score0.00628EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/22 7:0 p.m.13 views

CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

6.5CVSS7.1AI score0.00628EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/22 7:0 p.m.25 views

CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

6.5CVSS6.8AI score0.00628EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/02/01 6:1 p.m.42 views

CVE-2024-1167 SEW-EURODRIVE MOVITOOLS MotionStudio Improper Restriction of XML External Entity Reference

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur...

5.5CVSS7.6AI score0.00541EPSS
Exploits0References2
NVD
NVD
added 2023/12/11 2:15 p.m.31 views

CVE-2023-6194

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to...

7.1CVSS0.00306EPSS
Exploits1References3
CVE
CVE
added 2023/12/11 2:4 p.m.37 views

CVE-2023-6194

CVE-2023-6194 affects Eclipse Memory Analyzer (versions 0.7 to 1.14.0). The issue arises because report definition XML files do not filter references to external entities in DTDs, allowing a malicious report file to cause the tool to access external files or URLs defined via a DTD when generating...

7.1CVSS6.8AI score0.00306EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/11/30 11:29 a.m.86 views

CVE-2023-49733

CVE-2023-49733 affects Apache Cocoon 2.2.0 up to versions before 2.3.0. It is an XML External Entity (XXE) reference vulnerability due to improper restriction, enabling potentially sensitive data exposure and other impacts as described in the sources. The recommended remediations are upgrading to...

9.8CVSS9.5AI score0.01292EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2023/10/05 7:55 a.m.216 views

Exploit for Improper Restriction of XML External Entity Reference in Dogtagpki

CVE-2022-2414 CVE-2022-24...

7.5CVSS7.8AI score0.85323EPSS
Exploits3
GithubExploit
GithubExploit
added 2023/10/05 7:55 a.m.440 views

Exploit for Improper Restriction of XML External Entity Reference in Dogtagpki

CVE-2022-2414 CVE-2022-24...

7.5CVSS7.8AI score0.85323EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2023/06/15 3:30 p.m.36 views

HuTool XML parsing module has blind XXE vulnerability

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference...

7.5CVSS7AI score0.00726EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/06/15 1:15 p.m.22 views

CVE-2023-3276

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

7.5CVSS6.1AI score0.00726EPSS
Exploits1References3
Prion
Prion
added 2023/06/15 1:15 p.m.15 views

Xxe

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

5.2CVSS7.5AI score0.00726EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/06/15 1:0 p.m.53 views

CVE-2023-3276

HuTool (Dromara HuTool) up to 5.8.19 contains an XXE flaw in XmlUtil.readBySax, enabling xml external entity reference exploitation. Publicly disclosed exploit; no fixed version information in the provided documents. Affected component: XML Parsing Module (XmlUtil.java). Practical impact describe...

7.5CVSS6.3AI score0.00726EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/15 1:0 p.m.9 views

CVE-2023-3276 Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

5.5CVSS6.6AI score0.00726EPSS
Exploits1References3
Rows per page
Query Builder