7 matches found

Github Security Blog
added 2020/09/14 6:44 p.m. | 46 views

XXE in Apache Standard Taglibs

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...

CVSS 7.5 | AI score 8.6 | EPSS 0.03808
Exploits: 0 | References: 24 | Affected Software: 2
Cvelist
added 2020/02/17 7:35 p.m. | 10 views

CVE-2020-1693

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute...

CVSS 8.6 | AI score 9.7 | EPSS 0.07169
Exploits: 1 | References: 3
OpenVAS
added 2020/01/23 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1428)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 8.6 | EPSS 0.15626
Exploits: 10 | References: 2
Github Security Blog
added 2019/01/04 7:9 p.m. | 221 views

XML External Entity Reference (XXE) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...

CVSS 9.8 | AI score 9.1 | EPSS 0.03437
Exploits: 0 | References: 34 | Affected Software: 1
Veracode
added 2017/04/09 9:47 a.m. | 22 views

External XML Entity (XXE) Attacks

ignite-core is vulnerable to external XML entity (XXE) attacks. The update notifier component sends sensitive system data over an unsecured HTTP connection. Since TLS is not used, man-in-the-middle (MitM) attacks are also possible. Attackers can alter the response coming from the server the information is se...

CVSS 5.9 | AI score 5.5 | EPSS 0.00926
Exploits: 0 | References: 2 | Affected Software: 1
Mageia
added 2015/04/09 10:44 p.m. | 42 views

Updated jakarta-taglibs-standard packages fix CVE-2015-0254

Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...

CVSS 7.5 | AI score 9.1 | EPSS 0.03808
Exploits: 0 | References: 2
RedHat Linux
added 2014/10/14 8:47 p.m. | 1 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX...

CVSS 5 | AI score 7.4 | EPSS 0.02786
Exploits: 0 | References: 5