
19641 matches found

CVE
added 2023/08/22 12:0 a.m. | 562 views

CVE-2022-48565

CVE-2022-48565 is an XXE issue in Python’s plistlib that occurs up to Python 3.9.1, where entity declarations in XML plist files could lead to vulnerabilities. The root cause is plistlib not rejecting entity declarations in XML plist files. Public advisories confirm remediation by updating Python...

CVSS 9.8 | AI score 9.2 | EPSS 0.07274
Exploits 3 | References 7 | Affected Software 1
Vulnrichment
added 2023/08/22 12:0 a.m. | 36 views

CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

AI score 6.7 | EPSS 0.07274
Exploits 3 | References 7
Debian CVE
added 2023/08/22 12:0 a.m. | 101 views

CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

CVSS 9.8 | AI score 7.9 | EPSS 0.07274
Exploits 3
OSV
added 2023/08/21 8:13 p.m. | 19 views

GHSA-VX8M-6FHW-PCCW @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError

Summary: The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. Details: It was noticed that in the validatePostRequestAsync flow in saml.js, the current timestamp is never checked. This could present a...

CVSS 5.3 | AI score 5 | EPSS 0.00051
Exploits 0 | References 5
CloudLinux
added 2023/08/21 3:39 p.m. | 60 views

php: Fix of 2 CVEs

- CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing
- CVE-2023-3824: Fix buffer mismanagement in phardirread...

CVSS 9.8 | AI score 7.2 | EPSS 0.3438
Exploits 4
Microsoft CVE
added 2023/08/21 7:0 a.m. | 67 views

Chromium: CVE-2023-4357 Insufficient validation of untrusted input in XML

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 8.5 | EPSS 0.5897
Exploits 0
OSV
added 2023/08/20 7:15 a.m. | 23 views

CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

CVSS 7.5 | AI score 7
Exploits 0 | References 6
NVD
added 2023/08/20 7:15 a.m. | 23 views

CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

CVSS 7.5 | AI score 7.3 | EPSS 0.00261
Exploits 1 | References 6
UbuntuCve
added 2023/08/20 7:15 a.m. | 28 views

CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

CVSS 7.5 | AI score 6.8 | EPSS 0.00261
Exploits 1 | References 3
CVE
added 2023/08/20 12:0 a.m. | 146 views

CVE-2023-37369

CVE-2023-37369 affects Qt bases (Qt5/Qt6) with a vulnerability in QXmlStreamReader triggered by a crafted XML string, potentially causing an application crash due to a prefix-length handling bug. The issue is tied to Qt base components (qtbase-opensource-src) and has been addressed in multiple ad...

CVSS 7.5 | AI score 7.2 | EPSS 0.00261
Exploits 1 | References 6 | Affected Software 1
Fedora
added 2023/08/18 1:59 a.m. | 28 views

[SECURITY] Fedora 38 Update: qt5-qtbase-5.15.10-5.fc38

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

CVSS 7.5 | AI score 6.6 | EPSS 0.00261
Exploits 1
Tenable Nessus
added 2023/08/18 12:0 a.m. | 23 views

Fedora 38 : qt5-qtbase (2023-04d519d0b3)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-04d519d0b3 advisory. Security fix for CVE-2023-37369. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 7.5 | AI score 7.2 | EPSS 0.00261
Exploits 1 | References 2
Vulnrichment
added 2023/08/17 8:30 a.m. | 14 views

CVE-2023-30877 WordPress XML for Google Merchant Center Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <= 3.0.1 versions...

CVSS 7.1 | AI score 5.9 | EPSS 0.00105
Exploits 0 | References 1
Cvelist
added 2023/08/17 8:30 a.m. | 20 views

CVE-2023-30877 WordPress XML for Google Merchant Center Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <= 3.0.1 versions...

CVSS 7.1 | AI score 6.3 | EPSS 0.00105
Exploits 0 | References 1
NVD
added 2023/08/15 6:15 p.m. | 20 views

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 8 | EPSS 0.5897
Exploits 0 | References 6
UbuntuCve
added 2023/08/15 6:15 p.m. | 27 views

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 7.2 | EPSS 0.5897
Exploits 0 | References 3
Debian CVE
added 2023/08/15 5:7 p.m. | 28 views

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 8.3 | EPSS 0.5897
Exploits 0
Cvelist
added 2023/08/15 5:7 p.m. | 21 views

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

AI score 8.2 | EPSS 0.5897
Exploits 0 | References 6
CVE
added 2023/08/15 5:7 p.m. | 249 views

CVE-2023-4357

CVE-2023-4357 affects Google Chrome (Chromium-based) and its Chromium derivatives. The vulnerability is caused by insufficient validation of untrusted input in XML, enabling a remote attacker to bypass file access restrictions via a crafted HTML page. Public records confirm impact on Chrome befor...

CVSS 8.8 | AI score 7.8 | EPSS 0.5897
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2023/08/15 5:7 p.m. | 14 views

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

AI score 8 | EPSS 0.5897
Exploits 0 | References 6