Search Results (3176 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-45718 1 Hcltech 1 Sametime 2025-06-03 3.9 Low
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session.  
CVE-2024-0350 1 Engineers Online Portal Project 1 Engineers Online Portal 2025-06-03 3.1 Low
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.
CVE-2023-45139 1 Fonttools 1 Fonttools 2025-06-03 7.5 High
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0.
CVE-2024-21722 1 Joomla 1 Joomla\! 2025-06-02 6.3 Medium
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
CVE-2024-23525 1 Tozt 1 Spreadsheet\ 2025-06-02 6.5 Medium
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
CVE-2018-20843 8 Canonical, Debian, Fedoraproject and 5 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2025-05-30 7.5 High
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
CVE-2023-28152 1 Independentsoft 1 Jword 2025-05-30 5.3 Medium
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2023-28151 1 Independentsoft 1 Jspreadsheet 2025-05-30 5.3 Medium
An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2023-28150 1 Independentsoft 1 Jodf 2025-05-30 5.3 Medium
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2020-36772 1 Cloudlinux 1 Cagefs 2025-05-30 4.4 Medium
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
CVE-2022-34716 2 Microsoft, Redhat 5 .net, .net Core, Powershell and 2 more 2025-05-29 5.9 Medium
.NET Spoofing Vulnerability
CVE-2019-5641 1 Rapid7 1 Insightvm 2025-05-29 3.3 Low
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
CVE-2023-4554 3 Linux, Microsoft, Opentext 3 Linux Kernel, Windows, Appbuilder 2025-05-29 4.9 Medium
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.
CVE-2023-32843 1 Mediatek 36 Mt2735, Mt2737, Mt6297 and 33 more 2025-05-29 7.5 High
In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849).
CVE-2022-41226 1 Jenkins 1 Compuware Common Configuration 2025-05-28 9.8 Critical
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-2888 1 Octoprint 1 Octoprint 2025-05-28 4.4 Medium
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
CVE-2022-41241 1 Jenkins 1 Rqm 2025-05-28 9.8 Critical
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-3251 1 Ikus-soft 1 Minarca 2025-05-28 5.3 Medium
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.
CVE-2022-3250 1 Ikus-soft 1 Rdiffweb 2025-05-28 5.3 Medium
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6.
CVE-2023-6618 1 Oretnom23 1 Simple Student Attendance System 2025-05-27 5.5 Medium
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255.