2 matches found
CVE-2024-8010
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...
SUSE-SU-2025:02280-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. - CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. ...