
15 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-14921

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.00224 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/16 6:4 p.m. · 4 views

CVE-2025-4639

CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0...

8.8 CVSS · 7 AI score · 0.00224 EPSS
Exploits 0 · References 1

NVD
added 2025/05/14 6:15 p.m. · 8 views

CVE-2025-4639

CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0...

8.8 CVSS · 0.00224 EPSS
Exploits 0 · References 1

CVE
added 2025/05/14 6:4 p.m. · 30 views

CVE-2025-4639

CVE-2025-4639 affects Peergos up to version 1.1.0, due to CWE-611 (Improper Restriction of XML External Entity Reference) in the WebDav servlet’s getDocumentBuilder() method. Multiple sources corroborate the issue in Peergos 1.1.0 and earlier, describing a vulnerability that can impact confident...

8.8 CVSS · 7.2 AI score · 0.00224 EPSS
Exploits 0 · References 1

CNNVD
added 2025/05/14 12:0 a.m. · 2 views

Peergos Code Issue Vulnerability

Peergos is a Peergos open source application. A security vulnerability exists in Peergos 1.1.0 and earlier versions that stems from improperly restricted XML external entity references in the WebDav servlet...

8.8 CVSS · 6.7 AI score · 0.00224 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/05/14 12:0 a.m. · 2 views

PT-2025-21224 · Peergos · Peergos

Name of the Vulnerable Software and Affected Versions: Peergos versions through 1.1.0 Description: The issue is related to an improper restriction of XML external entity reference in the getDocumentBuilder method of the WebDav servlet in Peergos. This allows for potential exploitation...

8.8 CVSS · 6.4 AI score · 0.00224 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2025/01/11 12:0 a.m. · 33 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2025:0058-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0058-1 advisory. Update to Tomcat 9.0.98 - Fixed CVEs: - CVE-2024-54677: DoS in examples web application bsc1234664 - CVE-2024-50379:...

9.8 CVSS · 7.8 AI score · 0.84776 EPSS
Exploits 13 · References 13

Github Security Blog
added 2018/12/19 7:24 p.m. · 25 views

Improper Restriction of XML External Entity Reference in bedework:bw-webdav

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

7.5 CVSS · 2.8 AI score · 0.0028 EPSS
Exploits 0 · References 4 · Affected Software 1

Veracode
added 2018/12/10 9:39 a.m. · 11 views

XML External Entity (XXE)

bw-webdav is vulnerable to XML external entity (XXE) attacks. The parseContent function in webdav/servlet/common/MethodBase.java and the processXML function in webdav/servlet/common/PostRequestPars.java do not implement secure XML parsing, which would allow a remote attacker to perform XXE attacks...

7.5 CVSS · 7.3 AI score · 0.0028 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2018/12/10 2:29 a.m. · 5 views

CVE-2018-20000

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

7.5 CVSS · 7.4 AI score · 0.0028 EPSS
Exploits 0 · References 2

Prion
added 2018/12/10 2:29 a.m. · 8 views

Design/Logic Flaw

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...

5 CVSS · 7.4 AI score · 0.0028 EPSS
Exploits 0 · References 2 · Affected Software 1

seebug.org
added 2017/10/10 12:0 a.m. · 913 views

Apache Tomcat Upload Bypass / Remote Code Execution (CVE-2017-12617)

CVE-2017-12617: a critical Remote Code Execution (RCE) vulnerability discovered in Apache Tomcat. Systems with HTTP PUTs enabled via setting the "read-only" initialization parameter of the Default servlet to "false" are affected. Tomcat versions before 9.0.1 Beta, 8.5.23, 8.0.47 a...

6.8 CVSS · 0.1 AI score · 0.9438 EPSS
Exploits 22

Tenable Nessus
added 2008/02/08 12:0 a.m. · 43 views

Apache Tomcat 6.0.x < 6.0.16 Information Disclosure

Binary data 4368.pasl...

5.8 CVSS · 5.4 AI score · 0.04362 EPSS
Exploits 0 · References 2

Apache Tomcat
added 2008/02/05 12:0 a.m. · 73 views

Fixed in Apache Tomcat 5.5.26

Low: Session hi-jacking CVE-2007-5333 The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 5.5.0-5.5.25 Low: Elevated privileges CVE-2007-5342 The JULI logging component allows web applications to provide their own logging...

6.4 CVSS · 4.8 AI score · 0.81599 EPSS
Exploits 9 · Affected Software 1

Tenable Nessus
added 2008/01/07 12:0 a.m. · 41 views

Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3382 It was discovered that single quotes ' in cookies were treated as a delimiter, which could lead to an...

6.4 CVSS · 5.2 AI score · 0.81412 EPSS
Exploits 9 · References 11