Symfony XML decoding attack vector through external entities

The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server ...

Continue Reading
OpenSSL UAF Vulnerability (20240528) – Linux

OpenSSL is prone to a use after free (UAF)...Read More ...

Continue Reading
OpenSSL UAF Vulnerability (20240528) – Windows

OpenSSL is prone to a use after free (UAF)...Read More ...

Continue Reading
Symfony XML decoding attack vector through external entities

The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server ...

Continue Reading
CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 – Missing Authorization to PDF Upload, Publishing, and API Key Modification

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, ...

Continue Reading
CVE-2024-3277

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, ...

Continue Reading
Symfony XML decoding attack vector through external entities

The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server ...

Continue Reading
Nautobot dynamic-group-members doesn’t enforce permission restrictions on member objects

Impact What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/ ...

Continue Reading

Back to Main

Subscribe for the latest news: