CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3 matches found

SUSE CVE•added 2026/05/05 1:45 a.m.•2 views

SUSE CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00113EPSS

Exploits0References3

Debian CVE•added 2026/05/04 4:55 p.m.•3 views

CVE-2026-40682

9.1CVSS5.8AI score0.00113EPSS

Exploits0

CVE•added 2026/05/04 4:55 p.m.•10 views

CVE-2026-40682

CVE-2026-40682 (Apache OpenNLP) XXE in DictionaryEntryPersistor via unsanitized dictionary parsing. The DictionaryEntryPersistor initializes a static SAXParserFactory at class-load time without enabling secure features, leaving DOCTYPE processing and external entity resolution enabled. When Dicti...

9.1CVSS5.8AI score0.00113EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by