Lucene search
K

124 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.26 views

RHEL 7 : apache-ivy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-ivy: Directory Traversal CVE-2022-37865 - Improper Restriction of XML External Entity Reference, X...

9.6AI score0.01855EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/09 2:56 p.m.16 views

CVE-2024-34345 @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1...

8.1CVSS7AI score0.00925EPSS
Exploits0References3
NVD
NVD
added 2024/03/22 7:15 p.m.19 views

CVE-2024-2826

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

8.8CVSS6.5AI score0.00628EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/22 7:0 p.m.13 views

CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

6.5CVSS7.1AI score0.00628EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/22 7:0 p.m.25 views

CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

6.5CVSS6.8AI score0.00628EPSS
Exploits1References3
CVE
CVE
added 2023/11/30 11:29 a.m.86 views

CVE-2023-49733

CVE-2023-49733 affects Apache Cocoon 2.2.0 up to versions before 2.3.0. It is an XML External Entity (XXE) reference vulnerability due to improper restriction, enabling potentially sensitive data exposure and other impacts as described in the sources. The recommended remediations are upgrading to...

9.8CVSS9.5AI score0.01292EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2023/10/05 7:55 a.m.217 views

Exploit for Improper Restriction of XML External Entity Reference in Dogtagpki

CVE-2022-2414 CVE-2022-24...

7.5CVSS7.8AI score0.85323EPSS
Exploits3
NVD
NVD
added 2023/06/15 1:15 p.m.22 views

CVE-2023-3276

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

7.5CVSS6.1AI score0.00726EPSS
Exploits1References3
Prion
Prion
added 2023/06/15 1:15 p.m.15 views

Xxe

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

5.2CVSS7.5AI score0.00726EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/06/15 1:0 p.m.53 views

CVE-2023-3276

HuTool (Dromara HuTool) up to 5.8.19 contains an XXE flaw in XmlUtil.readBySax, enabling xml external entity reference exploitation. Publicly disclosed exploit; no fixed version information in the provided documents. Affected component: XML Parsing Module (XmlUtil.java). Practical impact describe...

7.5CVSS6.3AI score0.00726EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/15 1:0 p.m.9 views

CVE-2023-3276 Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

5.5CVSS6.6AI score0.00726EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/15 1:0 p.m.28 views

CVE-2023-3276 Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

5.5CVSS7.7AI score0.00726EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/15 12:0 a.m.42 views

Improper Restriction of XML External Entity Reference

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...

7.5CVSS7AI score0.00726EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/05/19 9:15 a.m.27 views

CVE-2023-2806

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...

8.8CVSS6.4AI score0.00984EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/05/19 8:31 a.m.11 views

CVE-2023-2806 Weaver e-cology API RequestInfoByXml xml external entity reference

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...

5.5CVSS6.8AI score0.00984EPSS
Exploits1References3
NVD
NVD
added 2023/04/03 7:15 p.m.20 views

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

7.1CVSS7AI score0.0053EPSS
Exploits0References1
Prion
Prion
added 2023/04/03 7:15 p.m.15 views

Xxe

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

4CVSS6.5AI score0.00555EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/03 6:44 p.m.56 views

CVE-2022-43941

CVE-2022-43941 affects Hitachi Vantara Pentaho Business Analytics Server prior to 9.4.0.1 and 9.3.0.2 (including 8.3.x). The issue is that the Post Analysis service endpoint of the data access plugin does not properly protect against XML External Entity (XXE) references, a root-cause that can lea...

7.1CVSS6.7AI score0.0053EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/21 6:0 p.m.9 views

CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...

6.5CVSS9.6AI score0.00775EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/03/21 6:0 p.m.33 views

CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...

6.5CVSS9.6AI score0.00775EPSS
Exploits0References5
Rows per page
Query Builder