Lucene search
K

25 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.6 views

DBeaver < 21.2.3 XXE Vulnerability

The version of DBeaver installed on the remote Windows host is prior to 21.2.3. It is, therefore, affected by the following XXE vulnerability: - The dbeaver is vulnerable to XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the parseDocument function in t...

9.8CVSS7.6AI score0.00902EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50286

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier Description ColdFusion is affected by an Improper Restriction of XML External Entity Reference 'XXE' issue that could allow an attacker to read arbitrary files from the system...

8.6CVSS6.4AI score0.00466EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-21470

Malware in sbrugna...

9.1CVSS9AI score0.01979EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:52 p.m.5 views

CVE-2021-34823

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

9.1CVSS7AI score0.01979EPSS
Exploits0References1
OSV
OSV
added 2024/03/14 4:15 p.m.1 views

CVE-2023-50168

Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation...

7.7CVSS5.8AI score0.00392EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/13 1:34 a.m.31 views

Improper Restriction of XML External Entity Reference in Elasticsearch

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...

5.9CVSS2.5AI score0.01383EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/08/13 5:15 p.m.17 views

CVE-2021-34823

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

9.1CVSS0.01979EPSS
Exploits0References2
OSV
OSV
added 2021/08/13 5:15 p.m.3 views

CVE-2021-34823

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

9.1CVSS5.9AI score0.01979EPSS
Exploits0References2
Prion
Prion
added 2021/08/13 5:15 p.m.12 views

Path traversal

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

6.4CVSS8.8AI score0.01979EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/06/08 12:0 a.m.5 views

PT-2021-11184 · Silverstripe +3 · Silverstripe +2

SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity XXE attacks. When this developer utility is misused for purposes involving external or user submitted data in custom...

4.8CVSS4.9AI score0.0082EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2021/01/19 12:0 a.m.16 views

Elastic Elasticsearch Security Information Disclosure Vulnerability (ESA-2018-19)

Elasticsearch Security is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.9CVSS5.6AI score0.01383EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.37 views

Debian DLA-2191-1 : dom4j security update

A flaw was found in dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE. For Debian 8 'Jessie', this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u2. We recommend that you upgrade your dom4j packages...

9.8CVSS6.5AI score0.07269EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/01/18 12:0 a.m.42 views

Elasticsearch ESA-2018-19

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learnings findfilestructure API. If a policy allowing external network access has been added to Elasticsearchs Java Security Manager then an attacker could send a specially crafted request capable of leaking content of...

5.9CVSS5.8AI score0.01383EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/12/20 10:29 p.m.18 views

CVE-2018-17247

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...

5.9CVSS6.1AI score0.01383EPSS
Exploits0References3
CVE
CVE
added 2018/12/20 10:0 p.m.85 views

CVE-2018-17247

Elasticsearch Security 6.5.0/6.5.1 are affected by an XXE in Machine Learning’s find_file_structure API. The root cause is an XML External Entity vulnerability when a policy allowing external network access is present in the Java Security Manager, enabling a crafted request to leak local file con...

5.9CVSS5.3AI score0.01383EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/04/13 4:29 p.m.16 views

Xxe

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites...

5.8CVSS6.3AI score0.01121EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2018/03/14 6:29 p.m.20 views

Design/Logic Flaw

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...

5CVSS7.4AI score0.0108EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2018/03/14 6:29 p.m.24 views

CVE-2018-1077

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...

7.5CVSS7.4AI score0.0108EPSS
Exploits0References1
OSV
OSV
added 2018/03/14 6:29 p.m.29 views

CVE-2018-1077

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...

7.5CVSS7.6AI score
Exploits0References1
Cvelist
Cvelist
added 2018/03/14 6:0 p.m.25 views

CVE-2018-1077

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...

7.4AI score0.0108EPSS
Exploits0References1
Rows per page
Query Builder