home.social

#xxe — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #xxe, aggregated by home.social.

  1. CISA Warns of Data Theft Bug in NSA-Built OT Networking Tool

    A critical vulnerability, CVE-2026-6807, has been discovered in an NSA-built networking tool that could allow hackers to steal sensitive information by exploiting an XML parsing weakness. If left unpatched, this flaw could lead to devastating data breaches.

    osintsights.com/cisa-warns-of-

    #Cve20266807 #XmlExternalEntity #Xxe #Grassmarlin #Nsa

  2. ⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202632251 #infosec #XXE

  3. ⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202632251 #infosec #XXE

  4. ⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202632251 #infosec #XXE

  5. ⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202632251 #infosec #XXE

  6. Gitlab, A Foxy Recipe For Success — An XXE & A Mouth-Watering $66,000 Bounty
    This vulnerability was a combination of XML External Entity (XXE) Injection and Cross-Site Scripting (XSS). The application used an external library without proper input validation, allowing the researcher to inject malicious XML payloads. By exploiting this XXE, they could read arbitrary files from the server's file system, including sensitive configuration files containing internal API keys. Additionally, the XXE triggered an XSS vulnerability when outputting the parsed XML content, enabling attackers to execute arbitrary JavaScript in the victim's browser. The researcher received a $66,000 bounty for discovering this critical flaw. To mitigate such attacks, ensure proper input validation of external libraries and restrict access to sensitive files through the use of least privilege principles. Key lesson: Validate inputs at multiple layers, and don't trust third-party libraries blindly. #BugBounty #Cybersecurity #WebSecurity #XXE #XSS

    medium.com/@justas_b_2/gitlab-

  7. Gitlab, A Foxy Recipe For Success — An XXE & A Mouth-Watering $66,000 Bounty
    This vulnerability was a combination of XML External Entity (XXE) Injection and Cross-Site Scripting (XSS). The application used an external library without proper input validation, allowing the researcher to inject malicious XML payloads. By exploiting this XXE, they could read arbitrary files from the server's file system, including sensitive configuration files containing internal API keys. Additionally, the XXE triggered an XSS vulnerability when outputting the parsed XML content, enabling attackers to execute arbitrary JavaScript in the victim's browser. The researcher received a $66,000 bounty for discovering this critical flaw. To mitigate such attacks, ensure proper input validation of external libraries and restrict access to sensitive files through the use of least privilege principles. Key lesson: Validate inputs at multiple layers, and don't trust third-party libraries blindly. #BugBounty #Cybersecurity #WebSecurity #XXE #XSS

    medium.com/@justas_b_2/gitlab-

  8. ⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! radar.offseq.com/threat/critic #OffSeq #ApacheTika #XXE #Security

  9. ⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! radar.offseq.com/threat/critic #OffSeq #ApacheTika #XXE #Security

  10. ⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! radar.offseq.com/threat/critic #OffSeq #ApacheTika #XXE #Security

  11. ⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! radar.offseq.com/threat/critic #OffSeq #ApacheTika #XXE #Security

  12. 🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! radar.offseq.com/threat/cve-20 #OffSeq #ApacheTika #XXE #Vuln

  13. 🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! radar.offseq.com/threat/cve-20 #OffSeq #ApacheTika #XXE #Vuln

  14. 🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! radar.offseq.com/threat/cve-20 #OffSeq #ApacheTika #XXE #Vuln

  15. 🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! radar.offseq.com/threat/cve-20 #OffSeq #ApacheTika #XXE #Vuln

  16. Une souscription lancée pour restaurer le piano d’un compositeur français du XXe siècle

    Les biographes de Samson François, pianiste et compositeur français spécialiste du répertoire romantique, ont lancé une souscription pour…
    #Rennes #FR #France #Actu #News #Europe #EU #actu #Actualités #bretagne #compositeur #europe #français #lancée #piano #Républiquefrançaise #restaurer #siècle #souscription #xxe
    europesays.com/fr/455332/

  17. XXE trong React.js: Lỗ hổng XML External Entity và cách phòng tránh. Đảm bảo an toàn bằng cách kiểm tra phía server, chặn DOCTYPE và entity bên ngoài, giới hạn kích thước.
    #XXE #ReactJS #BảoMật #AppSec #XML #CyberSecurity #AnToanThongTin

    dev.to/pentest_testing_corp/xx

  18. Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.

    horizon3.ai/attack-research/at

    #cve #xxe

  19. Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.

    horizon3.ai/attack-research/at

    #cve #xxe

  20. Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.

    horizon3.ai/attack-research/at

    #cve #xxe

  21. Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.

    horizon3.ai/attack-research/at

    #cve #xxe

  22. Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.

    horizon3.ai/attack-research/at

    #cve #xxe

  23. Уязвимости XXE в разрезе Java

    В этой статье мы рассмотрим дефект безопасности XXE в контексте Java. Поговорим о причинах возникновения и возможных последствиях, посмотрим на примеры и, конечно, обсудим способы защиты.

    habr.com/ru/companies/axiomjdk

    #XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat

  24. Уязвимости XXE в разрезе Java

    В этой статье мы рассмотрим дефект безопасности XXE в контексте Java. Поговорим о причинах возникновения и возможных последствиях, посмотрим на примеры и, конечно, обсудим способы защиты.

    habr.com/ru/companies/axiomjdk

    #XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat

  25. Уязвимости XXE в разрезе Java

    В этой статье мы рассмотрим дефект безопасности XXE в контексте Java. Поговорим о причинах возникновения и возможных последствиях, посмотрим на примеры и, конечно, обсудим способы защиты.

    habr.com/ru/companies/axiomjdk

    #XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat

  26. Уязвимости XXE в разрезе Java

    В этой статье мы рассмотрим дефект безопасности XXE в контексте Java. Поговорим о причинах возникновения и возможных последствиях, посмотрим на примеры и, конечно, обсудим способы защиты.

    habr.com/ru/companies/axiomjdk

    #XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat

  27. License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news

  28. License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news

  29. License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news

  30. License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news

  31. License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news