cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2022-44730,https://securityvulnerability.io/vulnerability/CVE-2022-44730,Apache XML Graphics Batik: Information disclosure vulnerability,"Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. ",Apache,Apache Xml Graphics Batik,4.4,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-22T19:16:00.000Z,0 CVE-2022-44729,https://securityvulnerability.io/vulnerability/CVE-2022-44729,Apache XML Graphics Batik: Information disclosure vulnerability,"A Server-Side Request Forgery (SSRF) vulnerability exists in version 1.16 of Apache XML Graphics Batik. This flaw can be exploited when a malicious SVG file causes the application to load external resources by default. This behavior may lead to excessive resource consumption and can result in unauthorized information disclosure. To safeguard against these risks, users are advised to upgrade to version 1.17 or a later version.",Apache,Apache Xml Graphics Batik,7.1,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-08-22T19:16:00.000Z,0 CVE-2022-42890,https://securityvulnerability.io/vulnerability/CVE-2022-42890,Apache Batik prior to 1.16 allows RCE via scripting,A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.,Apache,Apache Xml Graphics,7.5,HIGH,0.006750000175088644,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0 CVE-2022-41704,https://securityvulnerability.io/vulnerability/CVE-2022-41704,Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input,A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.,Apache,Apache Xml Graphics,7.5,HIGH,0.0057299998588860035,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0 CVE-2022-40146,https://securityvulnerability.io/vulnerability/CVE-2022-40146,Jar url should be blocked by DefaultScriptSecurity,Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.,Apache,Apache Xml Graphics,7.5,HIGH,0.001879999996162951,false,,false,false,true,2022-11-01T03:41:36.000Z,true,false,false,,2022-09-22T14:45:17.000Z,0 CVE-2022-38398,https://securityvulnerability.io/vulnerability/CVE-2022-38398,Server-Side Request Forgery Information Disclosure Vulnerability,Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.,Apache,Apache Xml Graphics,5.3,MEDIUM,0.0019099999917671084,false,,false,false,false,,,false,false,,2022-09-22T14:45:15.000Z,0 CVE-2022-38648,https://securityvulnerability.io/vulnerability/CVE-2022-38648,PDFTranscoder does not block external resources,Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.,Apache,Apache Xml Graphics,5.3,MEDIUM,0.0014799999771639705,false,,false,false,false,,,false,false,,2022-09-22T00:00:00.000Z,0