Lucene search
+L

109 matches found

OSV
OSV
added 2024/11/18 5:3 p.m.19 views

CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS6.6AI score0.0076EPSS
Exploits1References6
NVD
NVD
added 2023/08/03 10:15 p.m.25 views

CVE-2023-30951

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack XXE...

6.5CVSS6.3AI score0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/03 9:7 p.m.8 views

CVE-2023-30951 CVE-2023-30951

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack XXE...

6.3CVSS6.9AI score0.00375EPSS
Exploits0References1
Amazon
Amazon
added 2023/04/20 12:0 a.m.31 views

Important: pki-core

Issue Overview: Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. CVE-2022-2414 Affected Packages: pki-core Note:...

7.5CVSS8.2AI score0.85323EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2023/04/13 12:0 a.m.8 views

CVE-2023-26263

All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity XXE attacks in the /MIMBWebServices/license endpoint of the remote harvesting server...

7AI score0.00218EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/23 11:26 a.m.8 views

CVE-2023-28683

Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.2AI score0.00569EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.6 views

PT-2023-21900 · Jenkins · Jenkins Visual Studio Code Metrics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Visual Studio Code Metrics Plugin versions 1.7 and earlier Description: The issue is related to the XML parser not being configured to prevent XML external entity XXE attacks. This allows attackers who can control VS Code Metrics File...

8.2CVSS8AI score0.00569EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/03/21 3:53 p.m.7 views

CVE-2023-28685

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

6.9AI score0.00602EPSS
Exploits0References1
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.7 views

JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-4774-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7.2AI score0.1005EPSS
Exploits6References2
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.7 views

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7AI score0.0128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.9 views

PT-2023-18594 · Zoho · Zoho Manageengine Exchange Reporter Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Exchange Reporter Plus versions prior to 5708 Description: The issue allows attackers to conduct XXE XML External Entity attacks. This type of attack occurs when an application parses XML input that contains malicious extern...

7.5CVSS7.5AI score0.03184EPSS
Exploits0References4
CVE
CVE
added 2022/11/23 12:0 a.m.73 views

CVE-2022-40771

CVE-2022-40771 affects Zoho ManageEngine ServiceDesk Plus versions 13010 and earlier. The vulnerability is an XML External Entity (XXE) issue in the Analytics Plus integration that can lead to information disclosure. The CVSS v3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N with a base score of...

4.9CVSS5AI score0.03456EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2022/11/19 12:46 a.m.24 views

Information Disclosure

pki-core is vulnerable to Information Disclosure. An attacker is able to retrieve the content of arbitrary files by sending specially crafted HTTP requests causing xml external entity attacks...

7.5CVSS7.5AI score0.85323EPSS
Exploits3References5Affected Software2
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.8 views

CVE-2022-45395

Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

6.7AI score0.01057EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.6 views

CVE-2022-45386

Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

6.7AI score0.00262EPSS
Exploits0References2
OSV
OSV
added 2022/06/02 6:15 p.m.6 views

CVE-2021-45981

NetScout nGeniusONE 6.3.2 allows an XML External Entity XXE attack...

9.8CVSS5.8AI score0.01049EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/04/23 12:40 a.m.48 views

Nokogiri is vulnerable to XML External Entity (XXE) attack

Nokogiri before 1.5.4 is vulnerable to XXE attacks...

7.5CVSS2.5AI score0.02168EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2021/11/12 10:35 a.m.85 views

CVE-2021-21701

Summary: CVE-2021-21701 affects Jenkins Performance Plugin 3.20 and earlier. The root cause is an XML parser not configured to prevent XML External Entity (XXE) attacks. What’s affected: the Performance Plugin in Jenkins; versions ≤ 3.20. Impact (as described in connected sources): an attacker wi...

6.5CVSS6.3AI score0.01671EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/10/02 7:45 p.m.29 views

CVE-2020-15232 XML External Entity attack in mapfish-print

In mapfish-print before version 3.24, a user can do to an XML External Entity XXE attack with the provided SDL style...

9.3CVSS9.2AI score0.01342EPSS
Exploits0References2
Rows per page
Query Builder