Lucene search

7 matches found

RedhatCVE
added 2025/06/12 3:21 p.m., 5 views

CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

CVSS 9.9, AI score 9.1, EPSS 0.13939
Exploits: 1, References: 1
Vulnrichment
added 2025/05/14 3:29 p.m., 8 views

CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector

Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has...

CVSS 8.6, AI score 6.6, EPSS 0.00243
Exploits: 0, References: 3
Packet Storm
added 2025/03/04 12:00 a.m., 304 views

Atlassian JIRA Arbitrary File Read

Atlassian JIRA versions prior to 5.0.1 XML injection proof of concept exploit that lets you read an arbitrary file. Title: Atlassian JIRA before 5.0.1 P...

CVSS 9.1, AI score 7.2, EPSS 0.64534
Exploits: 3
0day.today
added 2019/04/19 12:00 a.m., 673 views

Oracle Business Intelligence / XML Publisher 12.2.1.4.0 - XML External Entity Injection Exploit

Exploit for Windows platform in category web applications. Exploit Title: XXE in Oracle Business Intelligence and XML Publisher; Exploit Author: @vah13; Vendor Homepage: http://oracle.com; Software Link: https://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/index.html; Version:...

AI score 7.2, EPSS 0.93992
Exploits: 4
exploitpack
added 2018/03/28 12:00 a.m., 34 views

Microsoft Windows Remote Assistance - XML External Entity Injection

Microsoft Windows Remote Assistance - XML External Entity Injection. Exploit Title: Microsoft Windows Remote Assistance XXE; Date: 27/03/2018; Exploit Author: Nabeel Ahmed; Tested on: Windows 7 x64, Windows 10 x64; CVE: CVE-2018-0878; Category: Remote Exploits; Invitation.msrcincident...

CVSS 2.6, AI score 6.1, EPSS 0.40424
Exploits: 4
UbuntuCve
added 2017/10/14 11:29 p.m., 38 views

CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

CVSS 9.8, AI score 7.6, EPSS 0.93891
Exploits: 11, References: 4
Silent Robot Systems
added 2015/03/05 4:00 a.m., 20 views

Exploiting XXE Vulnerabilities in OXML Documents - Part 1

OXML is a common document format; think docx (Microsoft Word Document), pptx (Microsoft Powerpoint), xlsx (Excel Spreadsheet), etc. An OXML document is a zip file containing XML files and any media files. When the document is rendered, the rendering library unzips the document and then parses the...

AI score 6.9
Exploits: 0