8 matches found
Apache Tika has XXE vulnerability
Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...
OPENSUSE-SU-2025:20143-1 Security update for git-bug
This update for git-bug fixes the following issues: Changes in git-bug: - Revendor to include fixed version of depending libraries: - GO-2025-4116 CVE-2025-47913, bsc1253506 upgrade golang.org/x/crypto to v0.43.0 - GO-2025-3900 GHSA-2464-8j7c-4cjm upgrade github.com/go-viper/mapstructure/v2 to...
GHSA-PJ86-CFQH-VQX6 Withdrawn Advisory: express improperly controls modification of query properties
Withdrawn Advisory This advisory has been withdrawn because it describes a correctness bug, not a vulnerability with real security impact. This link is maintained to preserve external references. Original Description Impact when using the extended query parser in express 'query parser': 'extended...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to inefficient handling of URL-encoded bodies with a very large number of parameters. An attacker can cause elevated CPU and memory usage by sending payloads containing thousands ...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection. An attacker can access sensitive information or cause the system to make unauthorized requests by submitting a specially crafted XFA file embedded within a PDF. Note: CVE-2025-66516 is a duplicate of...
Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2025-2851)
The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300054.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2851 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size...
UBUNTU-CVE-2022-29181
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
CNVD-ID CNVD-2017-02474 发布时间 2017-03-07 危害级别 高 AV:N/AC:L/Au:N/...