
9 matches found

Cvelist
added 2025/11/25 8:17 p.m. · 11 views

CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...

8.2 CVSS · 0.81395 EPSS
Exploits: 4 · References: 2
Tenable Nessus
added 2025/05/09 12:0 a.m. · 9 views

SysAid Server < 24.4.60 b16 Multiple Vulnerabilities

The version of SysAid Server installed on the remote host is prior to 24.4.60 b16. It is, therefore, affected by multiple vulnerabilities, including the following: - SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing...

9.8 CVSS · 8.7 AI score · 0.69265 EPSS
Exploits: 4 · References: 5
OSV
added 2024/09/11 5:15 p.m. · 1 views

CVE-2024-20390

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could explo...

5.3 CVSS · 5.8 AI score · 0.00217 EPSS
Exploits: 0 · References: 1
OSV
added 2023/09/13 9:15 p.m. · 3 views

CVE-2023-4568

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch...

6.5 CVSS · 5.8 AI score · 0.74474 EPSS
Exploits: 2 · References: 1
CNNVD
added 2022/05/27 12:0 a.m. · 1 views

HCL Technologies BigFix Mobile/Modern Client Management Code Issue Vulnerability

HCL Technologies BigFix Mobile/Modern Client Management is a mobile device management software client from HCL Technologies, India. A security vulnerability exists in HCL Technologies BigFix Mobile/Modern Client Management v1.x, v2.0, which can be exploited by attackers to conduct Un-Auth XML...

5.3 CVSS · 5.8 AI score · 0.00205 EPSS
Exploits: 0 · References: 3
Cvelist
added 2021/07/09 1:25 p.m. · 21 views

CVE-2021-30201 Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6

The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed, external entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description: Given the following request: POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type:...

7.5 CVSS · 7.6 AI score · 0.00329 EPSS
Exploits: 1 · References: 4
0day.today
added 2020/05/07 12:0 a.m. · 551 views

Kentico CMS 12.0.14 Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML inp...

9.8 CVSS · 1.1 AI score · 0.93808 EPSS
Exploits: 5
Positive Technologies
added 2019/07/26 12:0 a.m. · 2 views

PT-2019-13579 · Axway · Axway Securetransport

Name of the Vulnerable Software and Affected Versions: Axway SecureTransport versions 5.x through 5.3; Axway SecureTransport versions 5.x through 5.5 with certain API configuration. Description: The issue concerns unauthenticated blind XML injection and XXE in the resetPassword functionality via th...

9.8 CVSS · 8.2 AI score · 0.12314 EPSS
Exploits: 1 · References: 8
Cvelist
added 2018/02/05 4:0 a.m. · 10 views

CVE-2018-5789

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface...

7.5 AI score · 0.00403 EPSS
Exploits: 0 · References: 1