CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-0289

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00231EPSS

Exploits0References6

RedhatCVE•added 2025/05/22 7:12 a.m.•4 views

CVE-2019-9757

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read...

7.5CVSS6.7AI score0.86103EPSS

Exploits1References1

NVD•added 2024/10/07 8:15 p.m.•16 views

CVE-2024-45293

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...

7.5CVSS0.71632EPSS

Exploits1References1

Vulnrichment•added 2024/10/07 8:3 p.m.•22 views

CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader

7.5CVSS6.8AI score0.71632EPSS

Exploits1References1

Hacker One•added 2021/06/03 8:14 p.m.•150 views

h1-ctf: CCC H1 June 2021 CTF Writeup

CTF Summary This was my first H1 CTF and I was excited to work with several others to collaborate on the CTF and find the flag. I'll write up the solution process and vulnerabilities involved in the solution: Knowledge basic of S3 operations XML External Entities and Local File Exfiltration SQL...

8.9AI score

Exploits0

NVD•added 2021/03/03 8:15 p.m.•9 views

CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

9.1CVSS0.89416EPSS

Exploits1References1