#xxe — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #xxe, aggregated by home.social.
-
CISA Warns of Data Theft Bug in NSA-Built OT Networking Tool
A critical vulnerability, CVE-2026-6807, has been discovered in an NSA-built networking tool that could allow hackers to steal sensitive information by exploiting an XML parsing weakness. If left unpatched, this flaw could lead to devastating data breaches.
-
⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-32251-cwe-611-improper-restriction-of-xml-6ee364da #OffSeq #CVE202632251 #infosec #XXE
-
⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-32251-cwe-611-improper-restriction-of-xml-6ee364da #OffSeq #CVE202632251 #infosec #XXE
-
⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-32251-cwe-611-improper-restriction-of-xml-6ee364da #OffSeq #CVE202632251 #infosec #XXE
-
⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-32251-cwe-611-improper-restriction-of-xml-6ee364da #OffSeq #CVE202632251 #infosec #XXE
-
Gitlab, A Foxy Recipe For Success — An XXE & A Mouth-Watering $66,000 Bounty
This vulnerability was a combination of XML External Entity (XXE) Injection and Cross-Site Scripting (XSS). The application used an external library without proper input validation, allowing the researcher to inject malicious XML payloads. By exploiting this XXE, they could read arbitrary files from the server's file system, including sensitive configuration files containing internal API keys. Additionally, the XXE triggered an XSS vulnerability when outputting the parsed XML content, enabling attackers to execute arbitrary JavaScript in the victim's browser. The researcher received a $66,000 bounty for discovering this critical flaw. To mitigate such attacks, ensure proper input validation of external libraries and restrict access to sensitive files through the use of least privilege principles. Key lesson: Validate inputs at multiple layers, and don't trust third-party libraries blindly. #BugBounty #Cybersecurity #WebSecurity #XXE #XSS -
Gitlab, A Foxy Recipe For Success — An XXE & A Mouth-Watering $66,000 Bounty
This vulnerability was a combination of XML External Entity (XXE) Injection and Cross-Site Scripting (XSS). The application used an external library without proper input validation, allowing the researcher to inject malicious XML payloads. By exploiting this XXE, they could read arbitrary files from the server's file system, including sensitive configuration files containing internal API keys. Additionally, the XXE triggered an XSS vulnerability when outputting the parsed XML content, enabling attackers to execute arbitrary JavaScript in the victim's browser. The researcher received a $66,000 bounty for discovering this critical flaw. To mitigate such attacks, ensure proper input validation of external libraries and restrict access to sensitive files through the use of least privilege principles. Key lesson: Validate inputs at multiple layers, and don't trust third-party libraries blindly. #BugBounty #Cybersecurity #WebSecurity #XXE #XSS -
https://www.europesays.com/fr/607903/ « Nous sommes toujours en travaux », son château du XXe siècle, une bâtisse bourgeoise avec 12 chambres au cœur de la Picardie #12 #au #avec #bâtisse #bourgeoise #chambres #chateau #Cœur #DE #Divertissement #du #En #Entertainment #FR #France #francky #l'a #Nous #people #Picardie #siècle #sommes #son #toujours #Travaux #une #Vincent #xxe
-
Security issues with electronic invoices
https://invoice.secvuln.info/
#ycombinator #xxe #xml #einvoice #en16931 #xslt #xslt20 #java #saxon -
Security issues with electronic invoices
https://invoice.secvuln.info/
#ycombinator #xxe #xml #einvoice #en16931 #xslt #xslt20 #java #saxon -
Security issues with electronic invoices
https://invoice.secvuln.info/
#ycombinator #xxe #xml #einvoice #en16931 #xslt #xslt20 #java #saxon -
Security issues with electronic invoices
https://invoice.secvuln.info/
#ycombinator #xxe #xml #einvoice #en16931 #xslt #xslt20 #java #saxon -
⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! https://radar.offseq.com/threat/critical-xxe-bug-cve-2025-66516-cvss-100-hits-apac-d08561e7 #OffSeq #ApacheTika #XXE #Security
-
⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! https://radar.offseq.com/threat/critical-xxe-bug-cve-2025-66516-cvss-100-hits-apac-d08561e7 #OffSeq #ApacheTika #XXE #Security
-
⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! https://radar.offseq.com/threat/critical-xxe-bug-cve-2025-66516-cvss-100-hits-apac-d08561e7 #OffSeq #ApacheTika #XXE #Security
-
⚠️ CRITICAL XXE bug (CVE-2025-66516, CVSS 10.0) in Apache Tika (tika-core, tika-pdf-module, tika-parsers). Exploitation via crafted PDFs can lead to file disclosure & RCE. Upgrade to 3.2.2+ ASAP! https://radar.offseq.com/threat/critical-xxe-bug-cve-2025-66516-cvss-100-hits-apac-d08561e7 #OffSeq #ApacheTika #XXE #Security
-
🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! https://radar.offseq.com/threat/cve-2025-66516-cwe-611-improper-restriction-of-xml-fa601313 #OffSeq #ApacheTika #XXE #Vuln
-
🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! https://radar.offseq.com/threat/cve-2025-66516-cwe-611-improper-restriction-of-xml-fa601313 #OffSeq #ApacheTika #XXE #Vuln
-
🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! https://radar.offseq.com/threat/cve-2025-66516-cwe-611-improper-restriction-of-xml-fa601313 #OffSeq #ApacheTika #XXE #Vuln
-
🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! https://radar.offseq.com/threat/cve-2025-66516-cwe-611-improper-restriction-of-xml-fa601313 #OffSeq #ApacheTika #XXE #Vuln
-
Une souscription lancée pour restaurer le piano d’un compositeur français du XXe siècle
Les biographes de Samson François, pianiste et compositeur français spécialiste du répertoire romantique, ont lancé une souscription pour…
#Rennes #FR #France #Actu #News #Europe #EU #actu #Actualités #bretagne #compositeur #europe #français #lancée #piano #Républiquefrançaise #restaurer #siècle #souscription #xxe
https://www.europesays.com/fr/455332/ -
https://www.europesays.com/fr/455332/ Une souscription lancée pour restaurer le piano d’un compositeur français du XXe siècle #actu #Actualités #bretagne #compositeur #EU #europe #FR #français #France #lancée #News #piano #Rennes #RépubliqueFrançaise #restaurer #siècle #souscription #xxe
-
XXE trong React.js: Lỗ hổng XML External Entity và cách phòng tránh. Đảm bảo an toàn bằng cách kiểm tra phía server, chặn DOCTYPE và entity bên ngoài, giới hạn kích thước.
#XXE #ReactJS #BảoMật #AppSec #XML #CyberSecurity #AnToanThongTinhttps://dev.to/pentest_testing_corp/xxe-injection-in-reactjs-what-it-is-and-how-to-prevent-it-50j6
-
https://www.europesays.com/fr/340393/ Au début du XXe siècle, Gaby Deslys, portrait d’une étoile du music-hall à la conquête du monde #2025 #actu #Actualités #début #Deslys #dune #étoilé #EU #europe #FR #France #Gaby #Marseille #News #portrait #ProvenceAlpesCôteD'Azur #Région #RépubliqueFrançaise #XXe siècle
-
Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
-
Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
-
Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
-
Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
-
Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
-
Уязвимости XXE в разрезе Java
В этой статье мы рассмотрим дефект безопасности XXE в контексте Java. Поговорим о причинах возникновения и возможных последствиях, посмотрим на примеры и, конечно, обсудим способы защиты.
https://habr.com/ru/companies/axiomjdk/articles/934388/
#XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat
-
Уязвимости XXE в разрезе Java
В этой статье мы рассмотрим дефект безопасности XXE в контексте Java. Поговорим о причинах возникновения и возможных последствиях, посмотрим на примеры и, конечно, обсудим способы защиты.
https://habr.com/ru/companies/axiomjdk/articles/934388/
#XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat
-
Уязвимости XXE в разрезе Java
В этой статье мы рассмотрим дефект безопасности XXE в контексте Java. Поговорим о причинах возникновения и возможных последствиях, посмотрим на примеры и, конечно, обсудим способы защиты.
https://habr.com/ru/companies/axiomjdk/articles/934388/
#XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat
-
Уязвимости XXE в разрезе Java
В этой статье мы рассмотрим дефект безопасности XXE в контексте Java. Поговорим о причинах возникновения и возможных последствиях, посмотрим на примеры и, конечно, обсудим способы защиты.
https://habr.com/ru/companies/axiomjdk/articles/934388/
#XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat
-
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis:
#cybersecurity #xxe #infosec #cve #vulnerability #threathunting #exploitation
-
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis:
#cybersecurity #xxe #infosec #cve #vulnerability #threathunting #exploitation
-
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis:
#cybersecurity #xxe #infosec #cve #vulnerability #threathunting #exploitation
-
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis:
#cybersecurity #xxe #infosec #cve #vulnerability #threathunting #exploitation
-
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis:
#cybersecurity #xxe #infosec #cve #vulnerability #threathunting #exploitation
-
License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news
-
License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news
-
License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news
-
License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news
-
License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news
-
Dont Stop Believing Anonymous youtu.be/9HK-MLamafs?... #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
Dont Stop Believing Anonymous ... -
Dont Stop Believing Anonymous youtu.be/9HK-MLamafs?... #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
Dont Stop Believing Anonymous ... -
Dont Stop Believing Anonymous youtu.be/9HK-MLamafs?... #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
Dont Stop Believing Anonymous ... -
Dont Stop Believing Anonymous youtu.be/9HK-MLamafs?... #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
Dont Stop Believing Anonymous ... -
Dont Stop Believing Anonymous youtu.be/9HK-MLamafs?... #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
Dont Stop Believing Anonymous ...