Lucene search
+L

9 matches found

CVE
CVE
added 2026/07/10 8:35 p.m.91 views

CVE-2026-55229

Gotenberg prior to 8.34.0 contains an SSRF/local-file disclosure in the /forms/libreoffice/convert endpoint. A specially crafted DOCX can cause LibreOffice to fetch external HTTP(S) resources (blind SSRF) and load local image resources during conversion, potentially exposing internal endpoints an...

7.5CVSS6.1AI score0.00355EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Ruby-Nokogiri

Nokogiri is a Rubygem that provides HTML, XML, SAX, and Reader parsers, with support for XPath and CSS selectors. In Nokogiri versions prior to 1.11.0.rc4, there was an XXE vulnerability. XML schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accesse...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 9:14 p.m.4 views

CVE-2026-44441 ERPNext: Possible SSRF by any authenticated user

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...

5CVSS5.9AI score0.00162EPSS
Exploits0References3
CVE
CVE
added 2026/04/16 8:12 a.m.16 views

CVE-2024-2374

The CVE-2024-2374 entry describes an XML External Entity (XXE) issue in the XML parsers of multiple WSO2 products, where user-supplied XML data is not configured to disable external-resource resolution. This allows an attacker to read files from the file system and access limited HTTP resources r...

9.1CVSS5.7AI score0.00377EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/11/24 4:31 a.m.7 views

XML External Entity (XXE)

langchaintextsplitters is vulnerable to XML External Entity XXE injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

7.5CVSS7AI score0.00604EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 5:29 p.m.50 views

Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...

6.5CVSS6.7AI score0.10214EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2021/02/08 12:0 a.m.9 views

Redwood Report2Web File Inclusion Vulnerability

Redwood Report2Web is a web platform from Redwood Corporation that provides users with automated report generation capabilities. A file inclusion vulnerability exists in Redwood Report2Web version 4.3.4.5, which originates from a vulnerability that allows remote attackers to present external...

5.3CVSS6.9AI score0.01874EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/12/30 12:0 a.m.47 views

CVE-2020-26247 XXE in Nokogiri

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

2.6CVSS5.8AI score0.01109EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2019/07/30 12:0 a.m.6 views

PT-2019-18668 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 6.8.2 Kibana versions prior to 7.2.1 Description: The issue is related to a server side request forgery SSRF flaw in the graphite integration for the Timelion visualizer. An attacker with administrative access could s...

4.9CVSS4.7AI score0.02138EPSS
Exploits1References5
Rows per page
Query Builder