25 matches found
DBeaver < 21.2.3 XXE Vulnerability
The version of DBeaver installed on the remote Windows host is prior to 21.2.3. It is, therefore, affected by the following XXE vulnerability: - The dbeaver is vulnerable to XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the parseDocument function in t...
PT-2025-50286
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier Description ColdFusion is affected by an Improper Restriction of XML External Entity Reference 'XXE' issue that could allow an attacker to read arbitrary files from the system...
EUVD-2021-21470
Malware in sbrugna...
CVE-2021-34823
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
CVE-2023-50168
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation...
Improper Restriction of XML External Entity Reference in Elasticsearch
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...
CVE-2021-34823
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
CVE-2021-34823
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
Path traversal
The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...
PT-2021-11184 · Silverstripe +3 · Silverstripe +2
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity XXE attacks. When this developer utility is misused for purposes involving external or user submitted data in custom...
Elastic Elasticsearch Security Information Disclosure Vulnerability (ESA-2018-19)
Elasticsearch Security is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Debian DLA-2191-1 : dom4j security update
A flaw was found in dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE. For Debian 8 'Jessie', this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u2. We recommend that you upgrade your dom4j packages...
Elasticsearch ESA-2018-19
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learnings findfilestructure API. If a policy allowing external network access has been added to Elasticsearchs Java Security Manager then an attacker could send a specially crafted request capable of leaking content of...
CVE-2018-17247
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...
CVE-2018-17247
Elasticsearch Security 6.5.0/6.5.1 are affected by an XXE in Machine Learning’s find_file_structure API. The root cause is an XML External Entity vulnerability when a policy allowing external network access is present in the Java Security Manager, enabling a crafted request to leak local file con...
Xxe
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites...
Design/Logic Flaw
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...
CVE-2018-1077
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...
CVE-2018-1077
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...
CVE-2018-1077
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...