Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2025/12/04 6:30 p.m.12 views

Apache Tika has XXE vulnerability

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

9.8CVSS7.2AI score0.79807EPSS
Exploits5References4Affected Software3
OSV
OSV
added 2025/12/04 1:8 p.m.4 views

OPENSUSE-SU-2025:20143-1 Security update for git-bug

This update for git-bug fixes the following issues: Changes in git-bug: - Revendor to include fixed version of depending libraries: - GO-2025-4116 CVE-2025-47913, bsc1253506 upgrade golang.org/x/crypto to v0.43.0 - GO-2025-3900 GHSA-2464-8j7c-4cjm upgrade github.com/go-viper/mapstructure/v2 to...

9.1CVSS6.8AI score0.03153EPSS
Exploits4References14
OSV
OSV
added 2025/12/01 6:59 p.m.6 views

GHSA-PJ86-CFQH-VQX6 Withdrawn Advisory: express improperly controls modification of query properties

Withdrawn Advisory This advisory has been withdrawn because it describes a correctness bug, not a vulnerability with real security impact. This link is maintained to preserve external references. Original Description Impact when using the extended query parser in express 'query parser': 'extended...

6.9CVSS6.7AI score0.00014EPSS
Exploits0References6
Snyk
Snyk
added 2025/11/24 7:40 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to inefficient handling of URL-encoded bodies with a very large number of parameters. An attacker can cause elevated CPU and memory usage by sending payloads containing thousands ...

6.9CVSS6.4AI score0.00342EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/20 9:30 p.m.5 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection. An attacker can access sensitive information or cause the system to make unauthorized requests by submitting a specially crafted XFA file embedded within a PDF. Note: CVE-2025-66516 is a duplicate of...

9.8CVSS8.2AI score0.79807EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.16 views

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2025-2851)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300054.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2851 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size...

9.1CVSS7.3AI score0.00724EPSS
Exploits0References8
OSV
OSV
added 2022/05/20 7:15 p.m.3 views

UBUNTU-CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...

8.2CVSS6.8AI score0.02886EPSS
Exploits1References8
GithubExploit
GithubExploit
added 2017/03/09 7:40 p.m.4 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

CNVD-ID CNVD-2017-02474 发布时间 2017-03-07 危害级别 高 AV:N/AC:L/Au:N/...

10CVSS9.7AI score0.99999EPSS
Exploits44
Rows per page
Query Builder