5 matches found

OSV
added 2025/05/13 1:15 a.m. · 0 views

CVE-2025-30018

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which, when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the...

CVSS: 7.5 · AI score: 5.8
Exploits: 0 · References: 2
Vulnrichment
added 2024/11/08 10:28 p.m. · 11 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS: 8.6 · AI score: 7 · EPSS: 0.00325
Exploits: 0 · References: 6
RedHat Linux
added 2024/09/19 4:46 p.m. · 5 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS: 8.6 · AI score: 5.7 · EPSS: 0.00089
Exploits: 0 · References: 6
Positive Technologies
added 2024/08/15 12:0 a.m. · 3 views

PT-2024-19283 · Terminalfour · Terminalfour

Name of the Vulnerable Software and Affected Versions:
Terminalfour versions 8.0.0001 through 8.3.18
XML JDBC versions up to 1.0.4

Description: The issue allows authenticated users to submit malicious XML via unspecified features, which could lead to various actions such as accessing the underlyi...

CVSS: 8.8 · AI score: 7.5 · EPSS: 0.05535
Exploits: 0 · References: 5
Positive Technologies
added 2024/08/15 12:0 a.m. · 3 views

PT-2024-19282 · Terminalfour · Terminalfour

Name of the Vulnerable Software and Affected Versions:
Terminalfour versions 8.0.0001 through 8.3.18
XML JDBC versions up to 1.0.4

Description: The issue allows authenticated users to submit malicious XML via unspecified features, potentially leading to accessing the underlying server, remote cod...

CVSS: 8.8 · AI score: 7.5 · EPSS: 0.05535
Exploits: 0 · References: 6