9 matches found
CVE-2025-8355
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF)...
CVE-2025-8355 XXE leading to SSRF
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF)...
CVE-2025-8355
CVE-2025-8355 affects Xerox FreeFlow Core 8.0.4. It is an XML parsing XXE issue that enables SSRF by referencing internal URLs in crafted XML sent to jmfclient.jar. CVSS metrics point to HIGH impact with potential confidentiality exposure but no explicit code integrity/availability impact. Xerox ...
Xerox FreeFlow Core Security Vulnerability
Xerox FreeFlow Core is a flexible and easy-to-use software from Xerox Corporation USA. A security vulnerability exists in Xerox FreeFlow Core version 8.0.4, which stems from improper handling of XML input and could lead to server-side request forgery...
Exploit for OS Command Injection in Gnu Bash
This is an extension for Burp Suite, a web application security testing tool. The extension, named "ActiveScan++", extends Burp's active and passive scanning capabilities to identify application behavior that may be of interest to advanced testers. It includes checks for potential host header...
XML External Entity (XXE) Injection
org.eclipse.jgit, org.eclipse.jgit is vulnerable to XML External Entity (XXE) attacks. The vulnerability is due to insecure handling of XML input by the ManifestParser and AmazonS3 classes when parsing XML files, which allows an attacker to perform an XML External Entity (XXE) attack...
XML External Entity (XXE)
kimai/kimai is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of XML input, specifically failing to securely process external entities within XML documents, allowing an attacker to inject malicious XML content...
CVE-2023-41213
D-Link DAP-1325 setDhcpAssignRangeUpdate lanipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...
MGASA-2019-0274 Updated expat packages fix security vulnerability
Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service (CVE-2018-20843)...