CVE-2024-3572

CVE-2024-3572 – Summary The Scrapy project (scrapy/scrapy) is vulnerable to XML External Entity (XXE) attacks due to parsing untrusted XML with lxml.etree.fromstring without proper validation. The underlying issue lies in how XML is parsed, enabling a remote attacker to cause denial of service, a...

PT-2023-6502 · D Link · D-Link Dar-7000

Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000 versions up to 20151231 Description: The issue is related to the lack of validation of XML object sequences in the /sysmanage/edit manageadmin.php component of the D-Link DAR-7000 router's firmware. This can be exploited by a...

PT-2023-13967 · Opentext · Opentext Archive Center Administration

Name of the Vulnerable Software and Affected Versions: OpenText Archive Center Administration versions prior to 21.3 Description: The issue allows XXE attacks, where authenticated users could upload XML files that are not sufficiently validated, potentially leading to data exfiltration or localiz...

CVE-2017-17146

Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device...