Lucene search
+L

107 matches found

RedhatCVE
RedhatCVE
added 2026/07/10 9:24 a.m.7 views

CVE-2026-15378

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.9 views

PT-2026-57144

Name of the Vulnerable Software and Affected Versions guardrails-detectors affected versions not specified Red Hat Enterprise Linux affected versions not specified Red Hat OpenShift AI affected versions not specified Description A flaw in the guardrails-detectors component allows a remote attacke...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References12
OSV
OSV
added 2026/07/08 8:16 p.m.2 views

DEBIAN-CVE-2026-58501

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 8:16 p.m.4 views

UBUNTU-CVE-2026-58501

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 7:31 p.m.3 views

CVE-2026-58501 Zeep SSRF because Settings.forbid_external is not enforced

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 7:31 p.m.8 views

CVE-2026-58501

Zeep (Python SOAP client) is affected in versions 4.0.0 through before 4.3.3, where Settings.forbid_external is defined but not enforced during WSDL/XSD parsing. This allows transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker‑controlled HTTP/HTTPS ...

5.9CVSS6AI score0.00252EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/19 10:10 p.m.12 views

GHSA-4CC2-G9W2-FHF6 Zeep: Server-Side Request Forgery (SSRF)

Summary When parsing a WSDL or XSD document, python-zeep follows transitive references — xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution — and will fetch http/https URLs found in those references. The Settings.forbidexternal option, intended to disable this transitive remote...

5.9CVSS6AI score0.00252EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/28 9:4 p.m.16 views

Security Bulletin: Vulnerabilities in libxml2 (CVE-2026-0989, CVE-2026-0990, CVE-2026-0992) affect AIX

Summary Vulnerabilities in libxml2 could cause a denial of service CVE-2026-0989, CVE-2026-0990, CVE-2026-0992. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2026-6732 DESCRIPTION: A flaw was found in libxml2. This vulnerability occurs when the library...

7.5CVSS5.8AI score0.00755EPSS
Exploits4Affected Software2
OSV
OSV
added 2026/04/23 11:16 p.m.5 views

DEBIAN-CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

7.5CVSS5.4AI score0.00632EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 10:19 p.m.51 views

CVE-2026-6732

CVE-2026-6732 affects libxml2 and is triggered when parsing an XSD-validated document that contains an internal entity reference, causing a type confusion error and a DoS via crashes. The vulnerability is tied to how libxml2 processes crafted XML Schema Definition inputs, with the impact describe...

7.5CVSS5.7AI score0.00632EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-0555

Malware in sbrugna...

9.8CVSS9.3AI score0.05517EPSS
Exploits0References26
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-32154

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.01086EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-17588

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

9.9CVSS5.8AI score0.50825EPSS
In wildExploits1References64
NCSC
NCSC
added 2025/06/18 10:17 a.m.6 views

Vulnerability fixed in GeoServer

GeoServer developers have fixed a vulnerability in GeoServer 2.27.0, 2.26.2, 2.25.6, GeoTools 33.0, 32.2, 31.6, 28.6.0 and GeoNetwork 4.4.7, 4..2.12. The vulnerability is located in the Eclipse XSD library. The vulnerability allows unauthenticated attackers to potentially execute code and access...

9.9CVSS7.4AI score0.50825EPSS
Exploits1References3
NVD
NVD
added 2025/06/10 4:15 p.m.21 views

CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

9.9CVSS0.50825EPSS
Exploits1References7
CVE
CVE
added 2025/06/10 3:16 p.m.238 views

CVE-2025-30220

Geoserver-related CVE-2025-30220 is an XXE processing vulnerability in the GeoTools gt-xsd-core handling used by GeoServer WFS. The issue arises when building in‑memory XSD schemas without applying a proper EntityResolver, enabling unauthenticated attackers to exfiltrate local files and trigger S...

9.9CVSS9.3AI score0.50825EPSS
In wildExploits1References7Affected Software3
Cvelist
Cvelist
added 2025/06/10 3:16 p.m.115 views

CVE-2025-30220 GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

9.9CVSS0.50825EPSS
Exploits1References7
OSV
OSV
added 2025/06/09 11:14 p.m.7 views

GHSA-826P-4GCG-35VW GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling

Summary GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. Impact This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. Th...

9.9CVSS7AI score0.50825EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/06/09 11:14 p.m.18 views

GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling

Summary GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. Impact This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. Th...

7AI score
Exploits0References4Affected Software2
Rows per page
Query Builder