Lucene search
K

124 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:7 a.m.9 views

CVE-2022-2330

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent...

6.5CVSS6.8AI score0.00763EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:16 p.m.7 views

CVE-2022-0221

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system...

5.5CVSS6.3AI score0.00941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 a.m.10 views

CVE-2018-25082

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...

9.8CVSS6.8AI score0.00775EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:56 a.m.8 views

CVE-2017-20151

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

9.8CVSS7AI score0.00752EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:53 a.m.6 views

CVE-2016-15011

A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/econtract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference...

9.8CVSS6.9AI score0.00731EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/08 4:5 p.m.14 views

CVE-2025-22478

Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information...

8.1CVSS6.9AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/04 11:0 a.m.25 views

CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

6.5CVSS0.00579EPSS
Exploits1References4
NVD
NVD
added 2025/03/21 8:15 p.m.10 views

CVE-2025-25036

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 SP8...

6.8CVSS0.00407EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/17 6:31 a.m.28 views

CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference

A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...

6.5CVSS0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/17 6:31 a.m.7 views

CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference

A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...

6.5CVSS6.4AI score0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/12 8:0 p.m.10 views

CVE-2025-1225 ywoa WXCallBack Interface XMLParse.java extract xml external entity reference

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...

6.5CVSS6.5AI score0.00352EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/06 1:51 a.m.13 views

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

7.1CVSS6.4AI score0.0053EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/07 8:3 p.m.25 views

CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...

7.5CVSS6.8AI score0.02859EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2024/08/19 7:25 p.m.166 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5...

9.8CVSS9.9AI score0.99994EPSS
Exploits26
OSV
OSV
added 2024/06/17 7:26 a.m.78 views

BIT-MAGENTO-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS9.9AI score0.99994EPSS
Exploits26References2
OSV
OSV
added 2024/06/13 9:31 a.m.41 views

GHSA-M8CJ-3V68-3CXJ Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS9.9AI score0.99994EPSS
Exploits26References9
OSV
OSV
added 2024/06/13 9:4 a.m.34 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS7.6AI score0.99994EPSS
Exploits26References5
Cvelist
Cvelist
added 2024/06/13 9:4 a.m.68 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS0.99994EPSS
Exploits26References2
CVE
CVE
added 2024/06/13 9:4 a.m.371 views

CVE-2024-34102

CVE-2024-34102 is an XXE vulnerability in Adobe Commerce/Magento Open Source that allows remote code execution. The issue affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, via improper restriction of XML external entity references. Exploitation can occur without use...

9.8CVSS9.6AI score0.99994EPSS
In wildExploits26References3Affected Software3
Vulnrichment
Vulnrichment
added 2024/06/13 9:4 a.m.120 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS7.4AI score0.99994EPSS
Exploits26References2
Rows per page
Query Builder