7158 matches found
Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)
Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...
Cisco Catalyst SD-WAN Manager 输入验证错误漏洞
Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is an input validation vulnerability in Cisco Catalyst SD-WAN Manager, which stems...
PT-2026-40962
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A flaw in the web UI of Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage, allows an unauthenticated remote attacker to read arbitrary files from the...
PT-2026-41424
CVE-2026-40328 - Apache HTTP Server XML External Entity XXE Injection CVE ID :CVE-2026-40328 Published : May 13, 2026, 10:16 p.m. | 37 minutes ago Description :Rejected reason: This CVE is a duplicate of another CVE. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affect...
CVE-2026-44445
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...
CVE-2026-44445
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...
EUVD-2026-30196
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...
CVE-2026-44445 ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...
CVE-2026-44445
ERPNext contains an XXE (XML External Entity) vulnerability in the EDI Module that affects versions prior to 15.104.3 and 16.12.0. An authenticated attacker could read local filesystem files, including sensitive configuration files. The issue is fixed in 15.104.3 and 16.12.0. Impact is limited to...
CVE-2026-44445 ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...
ERPNext 代码问题漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to 15.104.3 and 16.12.0 contained code vulnerabilities. These vulnerabilities stemmed from improper restrictions on XML external entity references in the EDI...
PT-2026-40822
Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.104.3 ERPNext versions prior to 16.12.0 Description An improper restriction of XML external entity XXE reference in the EDI Module allows an authenticated attacker to read files from the local file system, includin...
CVE-2026-23822
CVE-2026-23822 affects the XML handling component of AOS-8 DHCP services on Access Points running AOS Instant 8.x.x.x. The vulnerability allows an unauthenticated remote attacker to trigger a denial-of-service by causing excessive resource consumption after user interaction. The CVSS vector indic...
CVE-2026-23822 Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service
A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...
CVE-2026-41895
The CVE-2026-41895 entry concerns changedetection.io and documents an XXE vulnerability in its XML/RSS handling. In version 0.54.9 and earlier, xpath_filter() switches to XML mode and constructs etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external D...
KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026
KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...
KB5090347 - Description of the security update for SQL Server 2017 GDR: May 12, 2026
KB5090347 - Description of the security update for SQL Server 2017 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...
KB5089899 - Description of the security update for SQL Server 2025 CU4: May 12, 2026
KB5089899 - Description of the security update for SQL Server 2025 CU4: May 12, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update Ho...
KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026
KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary...
KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026
KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary...