CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-0276

Malware in sbrugna...

9.3CVSS8AI score0.00735EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-11533

Malware in sbrugna...

8.6CVSS8.8AI score0.00463EPSS

Exploits1References4

OSV•added 2019/01/30 3:29 p.m.•2 views

CVE-2018-19858

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file e.g., in an IFRAME element, PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF...

8.6CVSS5.8AI score

Exploits0References3

NVD•added 2019/01/30 3:29 p.m.•9 views

CVE-2018-19858

8.6CVSS8.5AI score0.00463EPSS

Exploits1References3

Prion•added 2019/01/30 3:29 p.m.•6 views

Design/Logic Flaw

5CVSS8.4AI score0.00463EPSS

Exploits1References3Affected Software1

Cvelist•added 2019/01/29 11:0 p.m.•14 views

CVE-2018-19858

8.5AI score0.00463EPSS

Exploits1References3

CVE•added 2019/01/29 11:0 p.m.•30 views

CVE-2018-19858

PrinceXML versions 10 and below are vulnerable to XXE due to missing protection against external entities. If an attacker supplies HTML referencing an XML file (for example via an IFRAME), PrinceXML will fetch and parse the XML, enabling file-read access and SSRF. No remediation details are provi...

8.6CVSS8.4AI score0.00463EPSS

Exploits1References3Affected Software1

NVD•added 2018/05/29 8:29 p.m.•14 views

CVE-2016-10591

Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince1 CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled...

9.3CVSS8.3AI score0.00735EPSS

Exploits0References1

Prion•added 2018/05/29 8:29 p.m.•13 views

Remote code execution

9.3CVSS8AI score0.00735EPSS

Exploits0References1Affected Software1

CVE•added 2018/05/29 8:0 p.m.•48 views

CVE-2016-10591

CVE-2016-10591 affects Prince (Node API for executing PrinceXML via the prince(1) CLI). The vulnerability arises because Prince downloads zipped resources over HTTP, making it susceptible to Man-in-the-Middle attacks that could swap the requested tarball/executable with a malicious one. In networ...

9.3CVSS8.2AI score0.00735EPSS

Exploits0References1Affected Software1

Packet Storm•added 2016/07/06 12:0 a.m.•31 views

PrinceXML Wrapper Class Command Injection

While grabbing a copy PrinceXML, I noticed the company also offered some wrapper classes in various languages for using prince in server applications web applications. http://www.princexml.com/download/wrappers/ Taking a quick look at the PHP class, there are likely numerous command injection...

0.6AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by