Latest CVE Feed
-
7.5
HIGH CVE-2021-21341
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of ...
Affected Products : fedora debian_linux oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform communications_unified_inventory_management +4 more products
- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
4.7
MEDIUM CVE-2024-13627
The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....
Affected Products : owl_carousel_slider
- Published: Feb. 17, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
-
9.1
CRITICAL CVE-2021-21351
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input str...
Affected Products : fedora debian_linux communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform +7 more products
- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
6.5
MEDIUM CVE-2024-13356
The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unaut...
Affected Products : dsgvo_all_in_one_for_wp
- Published: Feb. 04, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.4
MEDIUM CVE-2024-13733
The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output esc...
Affected Products : skt_blocks
- Published: Feb. 04, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUM CVE-2025-24804
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle IDs, it must contain only alphanumeric c...
Affected Products : mobile_security_framework
- Published: Feb. 05, 2025
- Modified: May. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGH CVE-2025-24805
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materia...
Affected Products : mobile_security_framework
- Published: Feb. 05, 2025
- Modified: May. 23, 2025
- Vuln Type: Authorization
-
9.8
CRITICAL CVE-2013-7285
XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. ...
- Published: May. 15, 2019
- Modified: May. 23, 2025
-
9.3
HIGH CVE-2020-26217
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone usin...
- Published: Nov. 16, 2020
- Modified: May. 23, 2025
-
6.8
MEDIUM CVE-2020-26259
XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary kno...
- Published: Dec. 16, 2020
- Modified: May. 23, 2025
-
7.5
HIGH CVE-2021-43859
XStream is an open source Java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting ...
- Published: Feb. 01, 2022
- Modified: May. 23, 2025
-
7.7
HIGH CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from int...
- Published: Dec. 16, 2020
- Modified: May. 23, 2025
-
8.8
HIGH CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is on...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH CVE-2021-39141
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH CVE-2021-39145
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH CVE-2021-39147
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
7.5
HIGH CVE-2022-40151
Those using XStream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a deni...
- Published: Sep. 16, 2022
- Modified: May. 23, 2025
-
7.5
HIGH CVE-2022-40152
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This e...
- Published: Sep. 16, 2022
- Modified: May. 23, 2025
-
8.2
HIGH CVE-2022-41966
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The at...
- Published: Dec. 28, 2022
- Modified: May. 23, 2025
-
6.5
MEDIUM CVE-2021-39140
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload result...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025