
8 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-0267

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.00353
Exploits: 1 | References: 9

Tenable Nessus
added 2024/01/24 12:0 a.m. | 31 views

Fedora 39 : fonttools (2024-6d1d9f70d2)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6d1d9f70d2 advisory. Security fix for CVE-2023-45139. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 7.5 | AI score 7.4 | EPSS 0.00353
Exploits: 1 | References: 2

NVD
added 2024/01/10 4:15 p.m. | 10 views

CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...

CVSS 7.5 | AI score 7.6 | EPSS 0.00353
Exploits: 1 | References: 6

OSV
added 2024/01/10 4:15 p.m. | 1 views

UBUNTU-CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...

CVSS 7.5 | AI score 5.9 | EPSS 0.00353
Exploits: 1 | References: 6

Debian CVE
added 2024/01/10 4:3 p.m. | 15 views

CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...

CVSS 7.5 | AI score 7.6 | EPSS 0.00353
Exploits: 1

OSV
added 2024/01/10 4:3 p.m. | 16 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...

CVSS 7.5 | AI score 7.7 | EPSS 0.00353
Exploits: 1 | References: 8

Veracode
added 2024/01/10 6:41 a.m. | 19 views

XML External Entity Injection

fonttools is vulnerable to XML External Entity Injection. The vulnerability is due to a misconfigured XML parser which allows external entities to be included in an OT-SVG font. This issue can be exploited by an attacker by building an OT-SVG font which includes XML external entities, resulting in...

CVSS 7.5 | AI score 6.3 | EPSS 0.00353
Exploits: 1 | References: 7 | Affected Software: 1

Github Security Blog
added 2024/01/09 4:1 p.m. | 21 views

fonttools XML External Entity Injection (XXE) Vulnerability

Summary: As of fonttools=4.28.2 the subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00353
Exploits: 1 | References: 8 | Affected Software: 1