untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local...
7.5CVSS
7.3AI Score
0.002EPSS
untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where...
7.5CVSS
7.4AI Score
0.004EPSS
5.3CVSS
5.4AI Score
0.001EPSS
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin...
7.2CVSS
7.2AI Score
0.001EPSS
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored...
4.8CVSS
5AI Score
0.001EPSS
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin...
7.2CVSS
7.1AI Score
0.002EPSS
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input...
4.8CVSS
4.9AI Score
0.001EPSS