CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

823 matches found

Prion•added 2022/04/12 5:15 p.m.•17 views

Design/Logic Flaw

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges...

5CVSS7.8AI score0.00934EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/04/12 4:11 p.m.•17 views

CVE-2022-27669

8AI score0.00934EPSS

Exploits0References2

Github Security Blog•added 2022/03/18 5:46 p.m.•33 views

XML external entity (XXE) injection in Apache Nutch

An XML external entity XXE injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions 1.18. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. ...

9.1CVSS4.8AI score0.04359EPSS

Exploits0References8Affected Software1

OSV•added 2022/03/18 5:46 p.m.•23 views

GHSA-FXHP-WRW9-3R97 XML external entity (XXE) injection in Apache Nutch

9.1CVSS8.9AI score0.04359EPSS

Exploits0References7

CNVD•added 2022/03/08 12:0 a.m.•27 views

Apache Any23 code issue vulnerability

Apache Any23 is a library, Web service, and command-line tool from the Apache Foundation, USA. It can extract structured data in RDF format from a variety of Web documents.Any23 versions prior to 2.7 contain a code issue vulnerability that could be exploited by an attacker to interfere with an...

9.1CVSS3.5AI score0.02747EPSS

Exploits0References1

Cvelist•added 2022/03/04 11:25 p.m.•16 views

CVE-2022-25312 An XML external entity (XXE) injection vulnerability exists in the Apache Any23 RDFa XSLTStylesheet extractor

An XML external entity XXE injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions 2.7. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's...

9.1AI score0.02747EPSS

Exploits0References2

Openbugbounty•added 2021/12/04 2:6 p.m.•14 views

unl.edu Open Redirect vulnerability OBB-2292352

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| unl.edu ---|--- Open Bug Bounty Program...

7.1AI score

Exploits0

VulnCheck KEV•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-1147

Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...

7.8CVSS7.8AI score0.94243EPSS

Exploits10References1

NVD•added 2021/11/01 9:15 a.m.•10 views

CVE-2015-20067

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress...

7.5CVSS0.08185EPSS

Exploits1References3

Prion•added 2021/11/01 9:15 a.m.•8 views

Design/Logic Flaw

5CVSS7AI score0.08185EPSS

Exploits1References3Affected Software1

CVE•added 2021/11/01 8:45 a.m.•54 views

CVE-2015-20067

CVE-2015-20067 affects the WordPress WP Attachment Export plugin prior to v0.2.4. The vulnerability arises from improper access controls that allow unauthenticated users to download an XML data set containing details of attachments and posts (and, in some disclosures, plaintext passwords for pass...

7.5CVSS7.5AI score0.08185EPSS

Exploits1References3Affected Software1

Openbugbounty•added 2021/10/27 11:4 a.m.•8 views

microcenter.com Cross Site Scripting vulnerability OBB-2212236

5.8AI score

Exploits0

Openbugbounty•added 2021/09/25 10:56 a.m.•13 views

sovsport.ru Cross Site Scripting vulnerability OBB-2149180

6.3AI score

Exploits0

Openbugbounty•added 2021/09/18 11:59 a.m.•19 views

g-star.com Cross Site Scripting vulnerability OBB-2143678

6.2AI score

Exploits0

NVD•added 2021/09/15 1:15 p.m.•10 views

CVE-2021-30137

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...

8.2CVSS0.00793EPSS

Exploits1References1

Prion•added 2021/09/15 1:15 p.m.•14 views

Design/Logic Flaw

6.4CVSS8AI score0.00793EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/09/15 12:35 p.m.•14 views

CVE-2021-30137

7.7CVSS8.3AI score0.00793EPSS

Exploits1References1

Github Security Blog•added 2021/09/13 8:6 p.m.•48 views

XML Injection in Any23

An XML external entity XXE injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of...

9.1CVSS8.9AI score0.02664EPSS

Exploits0References3Affected Software1

Prion•added 2021/09/11 11:15 a.m.•19 views

Xxe

6.4CVSS9.1AI score0.02664EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/09/11 11:5 a.m.•16 views

CVE-2021-38555 An XML external entity (XXE) injection vulnerability exists in Apache Any23 StreamUtils.java

9.4AI score0.02664EPSS

Exploits0References1

Rows per page