SecurityWeek

Recent GeoServer Vulnerability Exploited in Attacks

Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The US cybersecurity agency CISA on Thursday warned that threat ...
SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection

The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. A critical-severity vulnerability in the Apache Tika open source analysis ...