12 matches found
EUVD-2023-28248
Malicious code in bioql PyPI...
com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4), com.adobe.cq.media:cq-media-publishing-dps-integration (=5.6.16) +119 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-core (>=1.2.1 <=2.22.1)
org.apache.jackrabbit:jackrabbit-core MAVEN version =1.2.1, =5.6.100, =2.0.6, =1.0.10, =1.0.8, =2.0.5, =2.0.0, =0.0.1, =2.1.1, =2.5.0, =2.1.1, =2.5.0, =2.1.1, =4.3.5 and more Source cves: CVE-2025-58782 Source advisory: OSV:GHSA-CXVC-G8F2-4GMM...
CVE-2023-24189
An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
XML External Entity (XXE)
urule is vulnerable to XML External Entities XXE. A remote attacker is able to execute arbitrary code by uploading a crafted XML file to /urule/common/saveFile...
CVE-2023-24189
An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
CVE-2023-24189
An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
Xxe
An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
CVE-2023-24189
An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
PT-2023-19465 · Urule · Urule
Name of the Vulnerable Software and Affected Versions: urule version 2.1.7 Description: An XML External Entity XXE issue allows attackers to execute arbitrary code by uploading a crafted XML file to the "/urule/common/saveFile" API endpoint. This is achieved by exploiting the saveFile...
URule 代码问题漏洞
URule is a pure Java rules engine by Gao Jie youseries individual developers. URule v2.1.7 version has a security vulnerability, the vulnerability stems from the existence of XML external entity XXE vulnerability, an attacker can be exploited to exploit the vulnerability by the carefully crafted...
CVE-2023-24189
Summary (CVE-2023-24189) : An XML External Entity (XXE) vulnerability in urule v2.1.7 allows remote code execution by uploading a crafted XML file to the API endpoint /urule/common/saveFile. This affects urule’s XML handling and is deemed CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; b...
CVE-2023-24189
An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...