Lucene search
K

953 matches found

Vulnrichment
Vulnrichment
added 2025/04/17 12:0 a.m.8 views

CVE-2025-43708

VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set2' is used, aka an "insecure deserialization" issue...

3.3CVSS4.1AI score0.00333EPSS
Exploits1References3
CVE
CVE
added 2025/04/17 12:0 a.m.201 views

CVE-2025-32415

CVE-2025-32415 affects libxml2: vulnerable in versions prior to 2.13.8 and 2.14.x prior to 2.14.2. The root cause is a heap-based buffer under-read in xmlSchemaIDCFillNodeTables (xmlschemas.c) that can be triggered by validating a crafted XML against a specific identity-constrained XML schema or ...

7.5CVSS4.1AI score0.00527EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/04/17 12:0 a.m.14 views

CVE-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

2.9CVSS0.00527EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/04/17 12:0 a.m.49 views

CVE-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5CVSS7.2AI score0.00527EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/04/14 8:43 p.m.10 views

CVE-2022-43840 IBM Aspera Console XPath injection

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...

4.3CVSS6.9AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/06 11:30 a.m.21 views

CVE-2025-3241

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

6.5CVSS7AI score0.00579EPSS
Exploits1References1
NVD
NVD
added 2025/04/04 11:15 a.m.27 views

CVE-2025-3241

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

9.8CVSS0.00579EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/04/04 11:0 a.m.9 views

CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

6.5CVSS7.2AI score0.00579EPSS
Exploits1References4
CVE
CVE
added 2025/04/04 11:0 a.m.64 views

CVE-2025-3241

The CVE-2025-3241 entry concerns youkefu (zhangyanbo2007) up to version 4.2.0, focusing on the XML Document Handler’s CallCenterRouterController.java. The root cause is manipulation of the routercontent argument triggering an XML External Entity (XXE) reference, enabling remote initiation of an a...

9.8CVSS6.4AI score0.00579EPSS
Exploits1References4Affected Software1
Amazon
Amazon
added 2025/03/17 12:0 a.m.26 views

Important: libxml2

Issue Overview: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML...

9.8CVSS8.3AI score0.03185EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2025/03/10 1:16 p.m.11 views

libxml2: Use-After-Free in libxml2

A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...

9.8CVSS7.1AI score0.0113EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-28131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply...

7.5CVSS6.6AI score0.01875EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2016-4658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid...

10CVSS7.6AI score0.08628EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2017-5969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The...

4.7CVSS6.6AI score0.0263EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/26 12:27 a.m.11 views

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

9.8CVSS6.8AI score0.00378EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.7 views

Siemens SCALANCE W700 Double Free (CVE-2023-29469)

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

6.5CVSS7.1AI score0.01013EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/02/18 12:0 a.m.12 views

CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

7.8CVSS6.9AI score0.0113EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/02/18 12:0 a.m.13 views

CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

9.8CVSS7.6AI score0.0113EPSS
Exploits0
FreeBSD
FreeBSD
added 2025/02/18 12:0 a.m.9 views

libxml2 -- Use After Free

[email protected] reports: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a craft...

9.8CVSS7AI score0.0113EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/02/13 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7256-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
Rows per page
Query Builder