16 matches found

Tenable Nessus
added 2025/11/17 12:0 a.m., 6 views

Lucee 5.4.x < 5.4.3.2 Remote Code Execution

According to its self-reported version number, Lodash is prior to 5.3.12.1 or 5.4.x prior to 5.4.3.2. It is, therefore, affected by a Remote Code Execution via an XML XXE attack in the Lucee REST endpoint. Note that the scanner has not tested for these issues but has instead relied only on the...

CVSS 9.8, AI score 7.5, EPSS 0.00294
Exploits: 0, References: 3
Debian
added 2025/10/26 6:20 p.m., 4 views

[SECURITY] [DSA 6039-1] openjdk-25 security update

Debian Security Advisory DSA-6039-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 26, 2025 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 7.2, EPSS 0.00068
Exploits: 0
Tenable Nessus
added 2025/10/25 12:0 a.m., 3 views

Debian dsa-6038 : openjdk-17-dbg - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6038 advisory. Debian Security Advisory DSA-6038-1 [email protected] https://www.debian.org/securit...

CVSS 7.5, AI score 7.3, EPSS 0.00068
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-42476

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.4, EPSS 0.00294
Exploits: 0, References: 2
RedhatCVE
added 2025/03/07 3:41 p.m., 11 views

CVE-2023-38693

Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...

CVSS 9.8, AI score 6.7, EPSS 0.00294
Exploits: 0, References: 3
NVD
added 2025/03/05 4:15 p.m., 10 views

CVE-2023-38693

Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...

CVSS 9.8, EPSS 0.00294
Exploits: 0, References: 1
Vulnrichment
added 2025/03/05 3:37 p.m., 6 views

CVE-2023-38693 RCE in Lucee REST endpoint

Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...

CVSS 9.8, AI score 6.7, EPSS 0.00294
Exploits: 0, References: 1
Cvelist
added 2025/03/05 3:37 p.m., 11 views

CVE-2023-38693 RCE in Lucee REST endpoint

Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...

CVSS 9.8, EPSS 0.00294
Exploits: 0, References: 1
CVE
added 2025/03/05 3:37 p.m., 57 views

CVE-2023-38693

CVE-2023-38693 affects Lucee Server’s REST endpoint, where an XML XXE vulnerability in the REST handler enables remote code execution. The root cause is improper XML processing allowing external entities to be evaluated during parsing, leading to potential code execution with high impact (as per ...

CVSS 9.8, AI score 6.7, EPSS 0.00294
Exploits: 0, References: 1
Tenable Nessus
added 2024/04/16 12:0 a.m., 47 views

IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 17.0.0.3 < 24.0.0.6 (7148426)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7148426 advisory. - IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

CVSS 7, AI score 7, EPSS 0.00019
Exploits: 0, References: 3
IBM Security Bulletins
added 2024/02/29 9:58 p.m., 52 views

Security Bulletin: IBM MQ is vulnerable to issues in Eclipse (CVE-2023-4218, CVE-2023-44487)

Summary IBM MQ has addressed vulnerabilities in Eclipse, which is used in IBM MQ Explorer. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...

CVSS 7.5, AI score 8, EPSS 0.944
Exploits: 20, Affected Software: 1
Japan Vulnerability Notes
added 2023/10/02 12:0 a.m., 25 views

JVN#39596244: Improper restriction of XML external entity references (XXE) in FD Application

FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the...

CVSS 5.5, AI score 5.4, EPSS 0.00028
Exploits: 0
Vulnrichment
added 2023/06/29 12:0 a.m., 6 views

CVE-2020-26710

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

AI score 8.6, EPSS 0.00068
Exploits: 0, References: 1
Cvelist
added 2023/06/26 7:44 p.m., 12 views

CVE-2023-3113

An unauthenticated XML external entity injection XXE vulnerability exists in LXCA's Common Information Model CIM server that could result in read-only access to specific files...

CVSS 8.2, AI score 8.5, EPSS 0.00167
Exploits: 0, References: 1
0day.today
added 2017/10/31 12:0 a.m., 94 views

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit

Exploit for java platform in category web applications !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program...

CVSS 6.8, AI score 8.3, EPSS 0.01939
Exploits: 6
exploitpack
added 2015/10/30 12:0 a.m., 82 views

eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection

eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection - Release date: 29.10.2015 - Discovered by: Dawid Golunski - Severity: High/Critical - eBay Magento ref.: APPSEC-1045 I. VULNERABILITY...

CVSS 6.8, AI score 0.4, EPSS 0.39093
Exploits: 7