
447 matches found

The Hacker News
added 2026/06/11 5:43 p.m. | 11 views

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

Security researcher Chaotic Eclipse aka Nightmare-Eclipse and MSNightmare has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in...

CVSS 6.8 | AI score 6.4 | EPSS 0.01249
Exploits: 2
Cvelist
added 2026/06/08 12:59 p.m. | 43 views

CVE-2026-49235 Routinator crashes on specifically crafted RRDP XML files

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

CVSS 8.7 | EPSS 0.00358
Exploits: 0 | References: 1
CNNVD
added 2026/04/26 12:0 a.m. | 9 views

Nmap Security Vulnerability

Nmap is an open-source tool for network discovery and security scanning developed by Nmap. Version 7.70 of Nmap contains a security vulnerability. This vulnerability arises from handling malicious XML files containing exponentially growing entity extensions, which can lead to a denial-of-service...

CVSS 6.9 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 2
OSV
added 2026/04/17 7:56 p.m. | 2 views

MGASA-2026-0100 Updated polkit-122 packages fix security vulnerability

Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write. CVE-2025-7519...

CVSS 6.7 | AI score 6.6 | EPSS 0.00184
Exploits: 0 | References: 3
RedHat Linux
added 2026/04/16 10:31 p.m. | 4 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

CVSS 9.8 | AI score 5.9 | EPSS 0.00512
Exploits: 0 | References: 7
RedhatCVE
added 2026/04/13 10:27 p.m. | 3 views

CVE-2026-33908

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. When ImageMagick processes an XML file with deeply nested structures, the DestroyXMLTree function, which frees memory, is executed recursively without a depth limit. This can lead to the...

CVSS 7.5 | AI score 5.7 | EPSS 0.00465
Exploits: 0 | References: 7
Snyk
added 2026/01/21 1:6 a.m. | 9 views

Release of Invalid Pointer or Reference

Overview: Magick.NET-Q16-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 8.3 | AI score 5.6
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 8:34 a.m. | 20 views

CVE-2024-34085

A vulnerability has been identified in JT2Go All versions V2312.0001, Teamcenter Visualization V14.1 All versions V14.1.0.13, Teamcenter Visualization V14.2 All versions V14.2.0.10, Teamcenter Visualization V14.3 All versions V14.3.0.7, Teamcenter Visualization V2312 All versions V2312.0001. The...

CVSS 7.8 | AI score 7.4 | EPSS 0.00239
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/30 12:0 a.m. | 3 views

PT-2025-54222

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...

CVSS 5.1 | AI score 6.2 | EPSS 0.00981
Exploits: 2 | References: 6
Tenable Nessus
added 2025/11/13 12:0 a.m. | 3 views

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-29824)

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

CVSS 6.5 | AI score 6.8 | EPSS 0.03403
Exploits: 5 | References: 4
NVD
added 2025/10/27 5:15 p.m. | 5 views

CVE-2025-54967

An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...

CVSS 6.5 | EPSS 0.00331
Exploits: 0 | References: 2
CNNVD
added 2025/10/27 12:0 a.m. | 2 views

BAE Systems SOCET GXP Security Vulnerability

BAE Systems SOCET GXP is a high-end geographic information image analysis and mapping software from BAE Systems. A security vulnerability exists in BAE Systems SOCET GXP prior to version 4.6.0.3 that originates from allowing external entities to exist in certain XML-based files, which could lead...

CVSS 6.5 | AI score 6.1 | EPSS 0.00331
Exploits: 0 | References: 3
Vulnrichment
added 2025/10/27 12:0 a.m. | 2 views

CVE-2025-54967

An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...

AI score 6.2 | EPSS 0.00331
Exploits: 0 | References: 2
GithubExploit
added 2025/10/08 12:54 p.m. | 514 views

Exploit for XML Injection (aka Blind XPath Injection) in Google Android

Screenshot of Android application with title AbxDroppedApk and...

CVSS 7.8 | AI score 7.7 | EPSS 0.00147
Exploits: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-8312

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00578
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2017-8094

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.08892
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-9580

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.01123
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-2930

Malware in sbrugna...

CVSS 6.2 | AI score 6.2 | EPSS 0.01232
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2021-14627

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.1059
Exploits: 7 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 11 views

EUVD-2005-2293

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.00874
Exploits: 0 | References: 6