CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

Nuclei•added 2026/06/16 7:13 a.m.•12 views

Apache Tika - XML External Entity Injection

Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...

9.8CVSS7.8AI score0.79807EPSS

Exploits5References2

SUSE CVE•added 2026/04/09 11:29 p.m.•1 views

SUSE CVE-2026-5894

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS7.3AI score0.00159EPSS

Exploits0References3

CNNVD•added 2026/03/31 12:0 a.m.•9 views

InvoiceShelf 代码问题漏洞

InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from uncleaned HTML provided by users in the invoice PDF generation module, which could lead to...

8.7CVSS5.9AI score0.00261EPSS

Exploits1References3

Tenable Nessus•added 2026/02/06 12:0 a.m.•9 views

Atlassian Confluence 7.19 < 8.5.31 / 8.6.x < 9.2.13 / 9.3.x < 10.2.2 (CONFSERVER-101872)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101872 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an...

9.8CVSS7.8AI score0.79807EPSS

Exploits5References2

Tenable Nessus•added 2026/02/06 12:0 a.m.•6 views

Atlassian Confluence 7.7.x < 8.5.31 / 8.6.x < 9.2.13 / 9.3.1 < 10.2.2 (CONFSERVER-101878)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101878 advisory. - Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry o...

9.8CVSS5.6AI score0.02962EPSS

Exploits4References2

Tenable Nessus•added 2026/01/13 12:0 a.m.•7 views

Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.13 / 11.0.x < 11.2.0 (JSDSERVER-16478)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16478 advisory. - Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 o...

9.8CVSS8.2AI score0.02962EPSS

Exploits4References2

Tenable Nessus•added 2026/01/07 12:0 a.m.•9 views

Atlassian Confluence < 8.5.31 / 8.6.x < 9.2.13 / 9.3.x < 10.2.2 (CONFSERVER-101788)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101788 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an...

9.8CVSS7.8AI score0.79807EPSS

Exploits5References2

The Hacker News•added 2025/12/05 4:23 p.m.•14 views

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity XXE injection attack. The vulnerability, tracked as CVE-2025-66516 , is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core 1.13-3.2.1,...

10CVSS8.4AI score0.79807EPSS

Exploits6

RedhatCVE•added 2025/12/05 11:0 a.m.•10 views

CVE-2025-66516

A XML External Entity XXE injection vulnerability was found in the Apache Tika framework's PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA XML Forms Architecture file. This flaw could lead to...

10CVSS8.7AI score0.79807EPSS

Exploits6References5

vulnersOsv•added 2025/12/04 6:30 p.m.•9 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +324 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parser-pdf-module (>=2.0.0 <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: OSV:GHSA-F58C-GQ56-VJJF...

9.8CVSS7.5AI score0.79807EPSS

Exploits6

OSV•added 2025/12/04 6:30 p.m.•6 views

GHSA-F58C-GQ56-VJJF Apache Tika has XXE vulnerability

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

10CVSS5.9AI score0.79807EPSS

Exploits6References4

NVD•added 2025/12/04 5:15 p.m.•8 views

CVE-2025-66516

9.8CVSS0.79807EPSS

Exploits5References2

OSV•added 2025/12/04 5:15 p.m.•7 views

DEBIAN-CVE-2025-66516

9.8CVSS8AI score0.79807EPSS

Exploits5References1

CVE•added 2025/12/04 4:17 p.m.•400 views

CVE-2025-66516

CVE-2025-66516 is a critical XXE in Apache Tika affecting tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5). The root cause is XML External Entity injection triggered by a crafted XFA file in a PDF, allowing an attacker to access sensitive data or trigger intern...

9.8CVSS8.3AI score0.79807EPSS

Exploits5References2Affected Software1

CNNVD•added 2025/12/04 12:0 a.m.•7 views

Apache Tika 代码问题漏洞

Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open source library that uses Java programs to provide read and write functionality for Microsoft Office-formatted documents, Pdfbox a pure Java class library for reading and creating PDF...

9.8CVSS8.6AI score0.79807EPSS

Exploits6References3

Tenable Nessus•added 2025/12/04 12:0 a.m.•15 views

Linux Distros Unpatched Vulnerability : CVE-2025-66516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry...

9.8CVSS7.3AI score0.79807EPSS

Exploits6References2

Positive Technologies•added 2025/10/26 12:0 a.m.•8 views

PT-2025-49099

Name of the Vulnerable Software and Affected Versions tika-core versions 1.13 through 3.2.1 tika-parser-pdf-module versions 2.0.0 through 3.2.1 tika-parsers versions 1.13 through 1.28.5 Description Apache Tika incorrectly handles XML external entities when parsing XFA XML Forms Architecture conte...

10CVSS8AI score0.79807EPSS

Exploits5References133

Tenable Nessus•added 2025/10/26 12:0 a.m.•7 views

Debian dla-4350 : libtika-java - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4350 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4350-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS8AI score0.02962EPSS

Exploits4References4