7184 matches found

Vulnrichment
added 2026/05/15 12:0 a.m. | 10 views

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

5.8 AI score | 0.00365 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/15 12:0 a.m. | 15 views

PT-2026-41305

Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

5.8 AI score | 0.00365 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/05/15 12:0 a.m. | 11 views

EUVD-2026-30548

Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

6.5 CVSS | 5.8 AI score | 0.00365 EPSS
Exploits: 0 | References: 3
NVD
added 2026/05/14 5:16 p.m. | 26 views

CVE-2026-20224

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

8.6 CVSS | 0.00696 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/14 4:8 p.m. | 10 views

CVE-2026-20224 Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

8.6 CVSS | 6 AI score | 0.00696 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/05/14 4:8 p.m. | 19 views

EUVD-2026-30325

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

8.6 CVSS | 6 AI score | 0.00696 EPSS
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/05/14 9:59 a.m. | 9 views

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)

Summary: This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery (SSRF), or denial of service in Java-based components running on the Apache Flink...

9.1 CVSS | 5.9 AI score | 0.00542 EPSS
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2026/05/14 12:0 a.m. | 15 views

PT-2026-41424

CVE-2026-40328 - Apache HTTP Server XML External Entity (XXE) Injection. CVE ID: CVE-2026-40328. Published: May 13, 2026, 10:16 p.m. | 37 minutes ago. Description: Rejected reason: This CVE is a duplicate of another CVE. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affect...

5.8 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/14 12:0 a.m. | 13 views

PT-2026-40962

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager (affected versions not specified). Description: A flaw in the web UI of Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage, allows an unauthenticated remote attacker to read arbitrary files from the...

8.6 CVSS | 5.9 AI score | 0.00696 EPSS
Exploits: 0 | References: 12
CNNVD
added 2026/05/14 12:0 a.m. | 9 views

Cisco Catalyst SD-WAN Manager Input Validation Error Vulnerability

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is an input validation vulnerability in Cisco Catalyst SD-WAN Manager, which stems...

8.6 CVSS | 6 AI score | 0.00696 EPSS
Exploits: 0 | References: 1
NVD
added 2026/05/13 10:16 p.m. | 16 views

CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

6.5 CVSS | 0.00224 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/05/13 9:17 p.m. | 10 views

EUVD-2026-30196

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

5.3 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/13 9:17 p.m. | 28 views

CVE-2026-44445

ERPNext contains an XXE (XML External Entity) vulnerability in the EDI Module that affects versions prior to 15.104.3 and 16.12.0. An authenticated attacker could read local filesystem files, including sensitive configuration files. The issue is fixed in 15.104.3 and 16.12.0. Impact is limited to...

6.5 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/05/13 9:17 p.m. | 11 views

CVE-2026-44445 ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

5.3 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/13 9:17 p.m. | 7 views

CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

5.3 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/05/13 9:17 p.m. | 44 views

CVE-2026-44445 ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

5.3 CVSS | 0.00224 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/13 12:0 a.m. | 12 views

PT-2026-40822

Name of the Vulnerable Software and Affected Versions: ERPNext versions prior to 15.104.3; ERPNext versions prior to 16.12.0. Description: An improper restriction of XML external entity (XXE) reference in the EDI Module allows an authenticated attacker to read files from the local file system, includin...

5.3 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/05/13 12:0 a.m. | 11 views

ERPNext Code Issue Vulnerability

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to 15.104.3 and 16.12.0 contained code vulnerabilities. These vulnerabilities stemmed from improper restrictions on XML external entity references in the EDI...

6.5 CVSS | 5.9 AI score | 0.00224 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/12 6:37 p.m. | 16 views

CVE-2026-23822

CVE-2026-23822 affects the XML handling component of AOS-8 DHCP services on Access Points running AOS Instant 8.x.x.x. The vulnerability allows an unauthenticated remote attacker to trigger a denial-of-service by causing excessive resource consumption after user interaction. The CVSS vector indic...

5.3 CVSS | 5.8 AI score | 0.00263 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/12 6:37 p.m. | 9 views

CVE-2026-23822 Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

5.3 CVSS | 5.8 AI score | 0.00263 EPSS
Exploits: 0 | References: 1