
63 matches found

Cvelist
added 2026/06/11 5:4 a.m., 26 views

CVE-2026-40998 Jaxp13 XPath XXE via StreamSource and SAXSource

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted...

CVSS 8.2, EPSS 0.00352
Exploits 0, References 1

EUVD
added 2026/06/11 5:4 a.m., 10 views

EUVD-2026-36208

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted...

CVSS 8.2, AI score 5.5, EPSS 0.00352
Exploits 0, References 1

Snyk
added 2026/05/14 1:18 p.m., 7 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the escape_and_append function in the document-builder API when processing very large input strings on platforms with limited size_t width. An attacker can cause out-of-bounds memory reads, potentially...

CVSS 6.9, AI score 5.8, EPSS 0.00279
Exploits 0, References 2

NVD
added 2026/05/14 11:16 a.m., 21 views

CVE-2026-8295

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer...

CVSS 6.9, EPSS 0.00279
Exploits 0, References 2

EUVD
added 2026/05/14 10:27 a.m., 12 views

EUVD-2026-30265

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer...

CVSS 6.9, AI score 5.9, EPSS 0.00279
Exploits 0, References 2

CVE
added 2026/05/14 10:27 a.m., 14 views

CVE-2026-8295

The CVE-2026-8295 issue affects simdjson’s document-builder API, specifically the string_builder::escape_and_append() path. An integer overflow can occur when processing very large input strings on platforms with limited size_t width (e.g., 32-bit builds), causing insufficient buffer allocation a...

CVSS 6.9, AI score 5.9, EPSS 0.00279
Exploits 0, References 2

Vulnrichment
added 2026/05/14 10:27 a.m., 10 views

CVE-2026-8295 Integer overflow in simdjson

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer...

CVSS 6.9, AI score 5.9, EPSS 0.00279
Exploits 0, References 2

ATTACKERKB
added 2026/05/14 10:27 a.m., 11 views

CVE-2026-8295

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer...

CVSS 6.9, AI score 5.9, EPSS 0.00279
Exploits 0, References 3

Positive Technologies
added 2026/05/14 12:0 a.m., 15 views

PT-2026-40904

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer...

CVSS 6.9, AI score 5.9, EPSS 0.00279
Exploits 0, References 3

Veracode
added 2026/02/21 5:2 a.m., 5 views

XML External Entity (XXE)

org.assertj, assertj-core is vulnerable to XML External Entity (XXE). The vulnerability is due to the DocumentBuilderFactory in org.assertj.core.util.xml.XmlStringPrettyFormatter.toXmlDocumentString being initialized with default settings without disabling DTDs or external entities, which allows an...

CVSS 9.1, AI score 5.8, EPSS 0.00542
Exploits 0, References 4, Affected Software 1

RedhatCVE
added 2026/01/09 9:4 a.m., 7 views

CVE-2024-39591

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application...

CVSS 5.3, AI score 7.3, EPSS 0.00264
Exploits 0, References 1

OSV
added 2026/01/07 9:31 p.m., 4 views

GHSA-FCQJ-76G3-Q7QM Bio-Formats has an XML External Entity (XXE) vulnerability

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

CVSS 7.1, AI score 6.5, EPSS 0.00142
Exploits 0, References 6

OSV
added 2026/01/07 9:16 p.m., 3 views

CVE-2026-22186

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

CVSS 7.1, AI score 5.7
Exploits 0, References 4

CVE
added 2026/01/07 8:26 p.m., 20 views

CVE-2026-22186

Bio-Formats up to 8.3.0 is affected by an XXE flaw in the Leica Microsystems metadata parsing (XLEF). The issue stems from insecure configuration of DocumentBuilderFactory when parsing Leica XML-based metadata, allowing external entity expansion and external DTD loading. Exploitation can trigger ...

CVSS 7.1, AI score 6.2, EPSS 0.00142
Exploits 0, References 4, Affected Software 1

CNVD
added 2025/12/15 12:0 a.m., 5 views

Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...

CVSS 6.2, AI score 6, EPSS 0.00413
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-0414

Malware in sbrugna...

CVSS 5, AI score 5.8, EPSS 0.03779
Exploits 0, References 46

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-34982

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00241
Exploits 0, References 2

Veracode
added 2025/07/16 5:20 a.m., 6 views

XML External Entity (XXE) Injection

org.apache.jackrabbit, jackrabbit-spi-commons, jackrabbit-core is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to the use of an unsecured document builder to load privileges, which allows an attacker to exploit XXE and potentially access sensitive files or perform...

CVSS 8.8, AI score 6.5, EPSS 0.00466
Exploits 0, References 5, Affected Software 2

RedhatCVE
added 2025/05/23 8:47 a.m., 6 views

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser...

CVSS 6.5, AI score 6.6, EPSS 0.00241
Exploits 0, References 1

BDU FSTEC
added 2025/02/10 12:0 a.m., 5 views

The vulnerability of SAP Document Builder in creating and managing documents, related to deficiencies in the authorization process, allows attackers to escalate their privileges.

The vulnerability of SAP Document Builder, a tool for creating and managing documents, is related to deficiencies in its authentication procedures. Exploiting this vulnerability could allow attackers to gain increased privileges remotely...

CVSS 4.3, AI score 5.4, EPSS 0.00264
Exploits 0, References 2