Lucene search
K

1045 matches found

Nuclei
Nuclei
added 19 hours ago33 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS6.1AI score0.01609EPSS
Exploits0
Nuclei
Nuclei
added 19 hours ago16 views

Zimbra Collaboration Suite - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. id: CVE-2019-9621 info: name: Zimbra Collaboration Suite - SSRF author: riteshs4hu severity: high description: |...

7.5CVSS6.9AI score0.80906EPSS
Exploits10References5
Nuclei
Nuclei
added 19 hours ago113 views

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. id: CVE-2023-43187 info: name: NodeBB XML-RPC Request xmlrpc.php - XML Injection author: 0xParth...

9.8CVSS7.6AI score0.45401EPSS
Exploits1References2
NVD
NVD
added 3 days ago8 views

CVE-2026-0284

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS0.00498EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-0284

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS6AI score0.00498EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-42677

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS6AI score0.00498EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-0284

The CVE concerns an XML injection vulnerability in Palo Alto Networks PAN-OS PAN-OS Large Scale VPN (LSVPN) functionality. An unauthenticated attacker with network access can inject malicious XML content, potentially causing information disclosure or corruption of internal LSVPN satellite data. A...

7.8CVSS6AI score0.00498EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS0.00498EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS software enables ...

7.8CVSS6.1AI score0.00498EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 3:41 p.m.3 views

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection during request serialization of scalar XML element values. An attacker can smuggle raw XML markup into generated output by supplying a string that contains CDATA terminator . This lets attacker-controlled content break out...

8.6CVSS5.9AI score0.00219EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 2:16 p.m.14 views

CVE-2026-53723

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...

5.8CVSS0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 12:42 p.m.12 views

EUVD-2026-36242

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...

5.8CVSS5.4AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 12:42 p.m.10 views

CVE-2026-53723 guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...

5.8CVSS5.4AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.16 views

CVE-2026-46490

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.8CVSS5.3AI score0.00383EPSS
Exploits2References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 8:37 a.m.9 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to xmldom (CVE-2026-41672, CVE-2026-41673, CVE-2026-41674 & CVE-2026-41675)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to xmldom. Vulnerability Details CVEID:CVE-2026-41672 DESCRIPTION: xmldom is a pure...

8.7CVSS5.6AI score0.00643EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/08 6:41 p.m.34 views

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.7CVSS0.00383EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/06/08 6:41 p.m.10 views

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.7CVSS5.4AI score0.00383EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/08 6:41 p.m.10 views

EUVD-2026-35188

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.7CVSS5.3AI score0.00383EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:41 p.m.8 views

CVE-2026-46490

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.7CVSS5.3AI score0.00383EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

samlify 安全漏洞

Samlify is a Node.js library developed by TNGAN’s individual developers, used for SAML SSO. Versions of Samlify prior to 2.13.0 contained security vulnerabilities. These vulnerabilities stemmed from template substitution only escaping attribute contexts, while values within element texts were not...

8.8CVSS5.3AI score0.00383EPSS
Exploits2References2
Rows per page
Query Builder