Lucene search
K

53632 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 5 days ago24 views

CVE-2026-48614

The CVE-2026-48614 vector affects the Plesk XML API. An improper authorization flaw allows an authenticated user to inject arbitrary configuration directives, enabling arbitrary file writes as root and full privilege escalation on the underlying server. The available sources describe the impact a...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References1
OSV
OSV
added 5 days ago5 views

BIT-TOMCAT-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

9.1CVSS6AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 5 days ago4 views

OESA-2026-2857 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a poli...

6.9CVSS6.2AI score0.00135EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56081

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...

5.4CVSS6AI score0.00316EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-55960

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2018-25282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential...

6.9CVSS6AI score0.00121EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 9:17 a.m.4 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the PatternParser process. An attacker can access sensitive files or interact with internal systems by submitting crafted XML data that triggers external entity resolution. Details XXE Injection is ...

9.8CVSS6AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 8:16 a.m.5 views

CVE-2026-47898

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

9.8CVSS0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 7:47 a.m.9 views

EUVD-2026-41517

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

4CVSS5.9AI score0.00328EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:47 a.m.9 views

CVE-2026-47898

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

4CVSS5.9AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55505

Name of the Vulnerable Software and Affected Versions Apache Lucene.Net.Analysis.Common versions 4.8.0-beta00005 through 4.8.0-beta00017 Description Improper Restriction of XML External Entity Reference XXE in the Lucene.Net.Analysis.Common library, specifically within the PatternParser. XXE is a...

9.8CVSS6AI score0.00328EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Notepad++ 8.9.6.2 < 8.9.6.4 TOCTOU Race Condition (CVE-2026-52885)

The version of Notepad++ installed on the remote host is 8.9.6.2 or 8.9.6.3. It is, therefore, affected by a TOCTOU race condition vulnerability: - A time-of-check time-of-use TOCTOU race condition exists in the HMAC verification of shortcuts.xml. The HMAC check validates the on-disk file at...

7.5CVSS6.2AI score0.00129EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 3:19 p.m.6 views

CVE-2026-44941

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.4CVSS5.8AI score0.00533EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/07/02 3:19 p.m.11 views

CVE-2026-44941 libzypp path traversal via "keyhint" in repomd.xml

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.4CVSS5.8AI score0.00533EPSS
Exploits1References2
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-740 Improper Restriction of XML External Entity Reference in trytond and proteus

An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...

6.5CVSS6.1AI score0.01374EPSS
Exploits1References10
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-741 XML Entity Expansion in trytond and proteus

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

7.5CVSS6AI score0.01927EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-735 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-736 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.3 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
Rows per page
Query Builder