CVE-2024-34580

EPSS 0.02% · P5 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-34580

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to configure XML Security for C++ securely. Even when avoiding this particular issue, any use of this library would need considerable additional code and a deep understanding of the standards and protocols involved to arrive at a secure implementation for any particular use case. We recommend against continued direct use of this library.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Santuario 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Santuario是美国阿帕奇（Apache）基金会的一套实现XML的主要安全标准，它包含两个库：Apache XML Security for Java和Apache XML Security for C++。 Apache Santuario 存在安全漏洞，该漏洞源于针对 KeyInfo 元素中的服务器端请求伪造载荷提供保护。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2024-34580

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-34580

请登录查看更多情报信息。

Same Patch Batch · n/a · 2024-06-26 · 20 CVEs total

CVE-2024-21520	6.1 MEDIUM	Django REST framework 安全漏洞
CVE-2024-38950		Libde265 安全漏洞
CVE-2023-26877		SoftExpert Excellence Suite 安全漏洞
CVE-2024-36829		Teldat M1 安全漏洞
CVE-2024-33327		LumisXP 安全漏洞
CVE-2024-33328		LumisXP 安全漏洞
CVE-2024-33329		LumisXP 安全漏洞
CVE-2024-33326		Lumisxp 安全漏洞
CVE-2024-37734		OpenEMR 安全漏洞
CVE-2024-37571		SAS Broker 安全漏洞
CVE-2024-38949		Libde265 安全漏洞
CVE-2024-23766		HMS Networks Anybus X-Gateway AB7832-F3 安全漏洞
CVE-2024-23765		HMS Networks Anybus X-Gateway AB7832-F3 安全漏洞
CVE-2024-23767		HMS Networks Anybus X-Gateway AB7832-F3 安全漏洞
CVE-2024-35545		MAPOS 安全漏洞
CVE-2024-39243		skycaiji 安全漏洞
CVE-2024-39242		skycaiji 安全漏洞
CVE-2024-39241		skycaiji 安全漏洞
CVE-2024-34581		W3C XML Signature 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2024-34580

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-34580

I. Basic Information for CVE-2024-34580

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-34580

III. Intelligence Information for CVE-2024-34580

Same Patch Batch · n/a · 2024-06-26 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-34580

Leave a comment