
10 matches found

RedhatCVE
added 2026/05/11 8:27 p.m., 5 views

CVE-2023-42346

Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...

CVSS 7.5, AI score 5.8, EPSS 0.00079
Exploits: 0, References: 1
OSV
added 2026/05/08 6:32 a.m., 2 views

GHSA-PJ6P-9P8X-5MFC Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host

Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...

CVSS 7.5, AI score 5.8, EPSS 0.00079
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/08 12:00 a.m., 6 views

CVE-2023-42346

Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...

AI score 5.8, EPSS 0.00079
Exploits: 0, References: 2
CVE
added 2026/05/08 12:00 a.m., 5 views

CVE-2023-42346

CVE-2023-42346 affects Alkacon OpenCms before version 16, where an external-hosted DOCTYPE can trigger a server-side XML External Entity (XXE) vulnerability. The root cause is improper handling of external entities in XML processing, leading to potential exposure of confidential data (CVSS 3.1 ba...

CVSS 7.5, AI score 5.8, EPSS 0.00079
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Avoid memcpy field-spanning write warnings When the “storcli2 show” command is executed for eHBA-9600, the mpi3mr driver prints this warning message: memcpy: A field-spanning write size 128 was detected in the singl...

CVSS 5.5, AI score 6.2, EPSS 0.00009
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 5:51 p.m., 21 views

CVE-2020-12772

An issue was discovered in Ignite Realtime Spark 2.8.3 and the ROAR plugin for it on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the NTLM hashes of the user are sent with the HTTP request. Th...

CVSS 8.8, AI score 6.8, EPSS 0.00842
Exploits: 1
Veracode
added 2023/03/22 12:44 a.m., 30 views

Server-side Request Forgery (SSRF)

cairosvg is vulnerable to Server-side Request Forgery (SSRF) and Denial of Service (DoS). The vulnerability is due to allowing the loading of external host resources by default during parsing, allowing an attacker to parse a maliciously crafted file from an external resource, resulting in Server-side...

CVSS 9.9, AI score 6.6, EPSS 0.00086
Exploits: 0, References: 4, Affected Software: 2
CNNVD
added 2022/09/12 12:00 a.m., 1 view

Micro-Star International MSI Feature Navigator v1.0.1808.0901 security vulnerability

Micro-Star International MSI Feature Navigator is a feature navigator from Micro-Star International China. A security vulnerability exists in Micro-Star International MSI Feature Navigator version v1.0.1808.0901. An attacker can exploit this vulnerability to download arbitrary files from an...

CVSS 7.1, AI score 6.7, EPSS 0.00063
Exploits: 3, References: 4
Prion
added 2020/05/12 8:15 p.m., 21 views

Design/Logic Flaw

An issue was discovered in Ignite Realtime Spark 2.8.3 and the ROAR plugin for it on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the NTLM hashes of the user are sent with the HTTP request. Th...

CVSS 6.8, AI score 8.5, EPSS 0.00842
Exploits: 1, References: 1, Affected Software: 1
Hacker One
added 2018/07/04 8:40 a.m., 51 views

Mail.ru: molotok.m.mail.ru delegated to external entity

SDC bypass secure cookies access vulnerability in m.mail.ru due to subdomain name pointing to uncontrolled external host...

AI score 2.1
Exploits: 0