57 matches found
CVE-2021-27736
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...
CVE-2026-22186
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...
EUVD-2014-3554
Malware in sbrugna...
EUVD-2025-3139
Malicious code in bioql PyPI...
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory
Summary: A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2. The plugin fails to securely configure the XML parser (DocumentBuilderFactory) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitra...
GHSA-H7QF-QMF3-85QG Allure Report allows Improper XXE Restriction via DocumentBuilderFactory
Summary: A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2. The plugin fails to securely configure the XML parser (DocumentBuilderFactory) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitra...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities. An attacker can access arbitrary files on the file system or initiate...
CVE-2023-46502
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute a server-side request forgery attack via an insecure DocumentBuilderFactory...
CVE-2025-23195
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...
CVE-2025-23195 Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...
XML External Entity (XXE) Injection
org.powertac:server-interface is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper input validation in the DocumentBuilderFactory component, allowing attackers to access sensitive information or execute arbitrary code via crafted XML entities...
GHSA-PGRC-8WP5-5MVQ powertac-server XML External Entity vulnerability
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
powertac-server XML External Entity vulnerability
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
CVE-2024-51135
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
CVE-2024-38374
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
CVE-2024-38374
CVE-2024-38374 affects CycloneDX core (cyclonedx-core-java): before deserializing XML BOMs, an insecurely configured DocumentBuilderFactory used in XPath evaluation allowed XXE injection. The issue was fixed in cyclonedx-core-java 9.0.4; later notes indicate the XML Validator path was also affect...
XML External Entity (XXE)
org.cyclonedx:cyclonedx-core-java is vulnerable to XML External Entity (XXE). The vulnerability is caused by improper configuration of the DocumentBuilderFactory used to evaluate XPath expressions to determine the schema version of the BOM before deserializing CycloneDX Bill of Materials in XML...
XML External Entity Injection
OpenCRX is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper input sanitization in the DocumentBuilderFactory function. This can potentially lead to server-side request forgery attacks...