Search Results (1303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-37233 1 Loftware 1 Spectrum 2024-09-18 8.8 High
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.
CVE-2024-45048 2 Phpoffice, Phpspreadsheet Project 2 Phpspreadsheet, Phpspreadsheet 2024-09-04 8.8 High
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker to obtain contents of local files, even if error reporting is muted. This vulnerability has been addressed in release version 2.2.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-38653 1 Ivanti 1 Avalanche 2024-08-15 7.5 High
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.