Lucene search
+L

161 matches found

Veracode
Veracode
added 2023/03/22 1:19 a.m.27 views

XML External Entity (XXE) Injection

weixin-python is vulnerable to XML External Entity XXE Injection. The vulnerability exists due to the parse function in msg.py and the toxml function in pay.py because xml entities are allowed to be resolved, allowing an attacker to inject and execute malicious XML documents to perform requests o...

9.8CVSS9.2AI score0.00775EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2023/01/13 1:55 a.m.19 views

XML External Entity (XXE) Injection

aXMLRPC is vulnerable to XML external entity attacks. The vulnerability exists because the library does not properly validate the XML documents submitted by the users via the parse function of ResponseParser.java, allowing an attacker to inject malicious XML documents to perform requests on behal...

9.8CVSS8.9AI score0.00845EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.6 views

CVE-2020-23585

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...

7.1AI score0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.34 views

CVE-2020-23585

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...

8.7AI score0.00514EPSS
Exploits0References1
OSV
OSV
added 2022/10/25 5:15 p.m.6 views

CVE-2022-27805

An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability...

9.8CVSS5.9AI score0.01291EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.6 views

Abode Iota 访问控制错误漏洞

Abode Iota is a reliable Diy home security system from Abode. An Access Control Error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from an authentication bypass in the GHOME control function, and can be exploited by an attacker to send a malicious XML payload to execute...

9.8CVSS8.6AI score0.01291EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/18 12:0 a.m.7 views

IBM MQ 代码问题漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. It provides a reliable and proven messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ that stems from an attacker being able to transfer malicious XML data to IBM MQ via the Explore...

9.1CVSS7.7AI score0.0141EPSS
Exploits0References4
NVD
NVD
added 2022/07/20 5:15 p.m.34 views

CVE-2022-33320

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...

7.8CVSS0.00457EPSS
Exploits0References3
OSV
OSV
added 2022/07/20 5:15 p.m.3 views

CVE-2022-33320

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...

7.8CVSS7.3AI score0.00457EPSS
Exploits0References3
Prion
Prion
added 2022/07/20 5:15 p.m.19 views

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a project configuration file...

4.4CVSS8AI score0.00457EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/07/20 4:56 p.m.33 views

CVE-2022-33320

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...

7.8CVSS8AI score0.00457EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/05/20 10:46 p.m.33 views

CVE-2020-13965

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview...

6.3CVSS3.4AI score0.76596EPSS
Exploits2References1
Veracode
Veracode
added 2022/04/27 4:20 a.m.20 views

XML External Entity (XXE)

detekt-core is vulnerable to XML external entity attacks. The vulnerability exists in the read function in BaselineFormat.kt due to improper validation which allows an attacker to submit a malicious XML document...

9.8CVSS3.4AI score0.01417EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2022/04/21 12:0 a.m.49 views

FANUC ROBOGUIDE XML External Entity Injection Vulnerability

FANUC ROBOGUIDE is a robot simulation software from FANUC Japan. FANUC ROBOGUIDE v9.40083.00.05 and earlier versions exist XML external entity injection vulnerability, which originates from the lack of application restrictions on external entities. An attacker could exploit this vulnerability to...

6.1CVSS2.7AI score0.00665EPSS
Exploits0References1
Veracode
Veracode
added 2022/04/20 4:9 p.m.14 views

XML External Entity (XXE) Injection

fr.opensagres.xdocreport:fr.opensagres.xdocreport.document is vulnerable to XML external entity XXE injection attacks. A remote attacker is able to inject malicious XML input via a weakly configured XML parser in the preprocess function...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/04/20 12:0 a.m.7 views

PT-2022-11968 · Fanuc · Roboguide

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a network-based attack where threat actors supply a crafted, malicious XML payload. This payload is designed to trigger an external...

6.1CVSS5.4AI score0.00665EPSS
Exploits0References4
OSV
OSV
added 2022/02/25 11:11 a.m.25 views

CVE-2022-24612

An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS...

5.4CVSS5.5AI score0.00558EPSS
Exploits1References3
NVD
NVD
added 2021/12/23 8:15 p.m.22 views

CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution...

7.8CVSS0.00915EPSS
Exploits0References5
NVD
NVD
added 2021/09/15 1:15 p.m.16 views

CVE-2021-30137

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...

8.2CVSS0.00819EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/09/15 12:35 p.m.23 views

CVE-2021-30137

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...

7.7CVSS8.3AI score0.00819EPSS
Exploits1References1
Rows per page
Query Builder