Vendor
Gchq
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- Cyberchef1 CVEnpm
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000651 | Cri | 0.65 | 10.0 | 0.02 | Aug 20, 2018 | Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file. | ||
| CVE-2025-25182 | Cri | 0.54 | 9.4 | 0.01 | Feb 12, 2025 | Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a… | ||
| CVE-2026-42615 | Hig | 0.40 | 7.2 | 0.00 | Apr 29, 2026 | GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring. |
- risk 0.65cvss 10.0epss 0.02
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.
- risk 0.54cvss 9.4epss 0.01
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a…
- risk 0.40cvss 7.2epss 0.00
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.