Latest CVE Feed
-
6.8
MEDIUM
CVE-2020-26259
XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary kno...
- Published: Dec. 16, 2020
- Modified: May. 23, 2025
-
7.5
HIGH
CVE-2021-43859
XStream is an open source Java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting ...
- Published: Feb. 01, 2022
- Modified: May. 23, 2025
-
7.7
HIGH
CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from int...
- Published: Dec. 16, 2020
- Modified: May. 23, 2025
-
8.8
HIGH
CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is on...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39141
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39145
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39147
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
7.5
HIGH
CVE-2022-40151
Those using XStream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a deni...
- Published: Sep. 16, 2022
- Modified: May. 23, 2025
-
7.5
HIGH
CVE-2022-40152
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This e...
- Published: Sep. 16, 2022
- Modified: May. 23, 2025
-
8.2
HIGH
CVE-2022-41966
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The at...
- Published: Dec. 28, 2022
- Modified: May. 23, 2025
-
6.5
MEDIUM
CVE-2021-39140
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload result...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39153
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the...
- Affected Products: fedora debian_linux snapmanager communications_cloud_native_core_policy webcenter_portal xstream communications_unified_inventory_management utilities_framework communications_cloud_native_core_automated_test_suite communications_billing_and_revenue_management_elastic_charging_engine +4 more products
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39149
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39151
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39144
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is a...
- Actively Exploited
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
4.7
MEDIUM
CVE-2025-0522
The LikeBot WordPress plugin through 0.85 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
- Affected Products: likebot
- Published: Feb. 06, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.5
HIGH
CVE-2021-39146
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39148
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is a...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39150
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input st...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025
-
8.5
HIGH
CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input st...
- Published: Aug. 23, 2021
- Modified: May. 23, 2025