Lucene search
K

4 matches found

OSV
OSV
added last week1 views

CVE-2026-58501 Zeep SSRF because Settings.forbid_external is not enforced

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/09 6:40 p.m.5 views

php: NULL pointer dereference in SoapClient

A NULL pointer dereference issue is in the SOAP extension of PHP. More specifically, the flaw occurs in the SoapClient when parsing a WSDL document due to improper checking of a child node name. A malicious or compromised server replies with a crafted WSDL document, leading to a denial of service...

7.5CVSS7.4AI score0.03179EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2017/09/13 9:50 a.m.64 views

Exploit for Code Injection in Microsoft

CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sam...

9.3CVSS5.6AI score0.88698EPSS
Exploits14
RedHat Linux
RedHat Linux
added 2017/08/23 9:17 a.m.6 views

OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)

It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak...

6.5CVSS7.3AI score0.02862EPSS
Exploits0References5
Rows per page
Query Builder