2 matches found
CVE-2025-48382
CVE-2025-48382 — Fess insecure temporary file permissions Fess (enterprise search server) is affected by createTempFile() in org.codelibs.fess.helper.SystemHelper, which creates temporary files without restrictive permissions. This can lead to information disclosure by local attackers in multi-us...
CVE-2018-1000822
CVE-2018-1000822 : The vulnerability affects codelibs fess version before the commit faa265b, where the GSA XML file parser is vulnerable to XML External Entity (XXE). This can lead to disclosure of confidential data, denial of service, SSRF, and port scanning when processing specially crafted GS...