1905 matches found
IBM Business Automation Workflow 代码问题漏洞
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow containers V25.0....
Atlassian Crowd Data Center security vulnerabilities
Atlassian Crowd Data Center is the cluster deployment version of Atlassian's Crowd platform by Australia-based company Atlassian. Versions of Atlassian Crowd Data Center 7.1.0 and later contain security vulnerabilities. These vulnerabilities stem from XML external entity injections, which may lea...
MiracleLinux 8 : dotnet6.0-6.0.108-1.el8.ML.1 (AXSA:2022-3785:11)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3785:11 advisory. dotnet: External Entity Injection during XML signature verification CVE-2022-34716 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : dotnet3.1-3.1.422-1.el8.ML.1 (AXSA:2022-3776:10)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3776:10 advisory. dotnet: External Entity Injection during XML signature verification CVE-2022-34716 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : dotnet6.0-6.0.108-1.el9.ML.1 (AXSA:2022-4039:17)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4039:17 advisory. dotnet: External Entity Injection during XML signature verification CVE-2022-34716 Tenable has extracted the preceding description block directly from the...
CVE-2025-14478
CVE-2025-14478 (Demo Importer Plus, WordPress) : The Demo Importer Plus plugin is vulnerable to XML External Entity (XXE) injection via SVG file uploads in all versions up to 2.0.9. Exploitation requires authentication at Author level or higher, and, in affected PHP configurations (older than 8.0...
CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection XXE in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
WordPress Plugin Demo Importer Plus code issue and vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Apache Struts 安全漏洞
Apache Struts is an open source project of the U.S. Apache Apache Foundation , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts version 2.0.0 to version 2.3.37 ...
CVE-2018-18980
An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...
CVE-2021-27741
" Security vulnerability in HCL Commerce Management Center allowing XML external entity XXE injection"...
CVE-2021-22498
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management Previously known as Quality Center product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML...
CVE-2022-31447
An XML external entity XXE injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
CVE-2020-10992
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java...
CVE-2023-45192
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758...
CVE-2022-38389
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975...
CVE-2024-39726
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
PT-2026-1173
CVE-2025-34137 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2025-34137 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for...
CVE-2019-25253 KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection
KYOCERA Net Admin 3.4.0906 contains an XML External Entity XXE injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...
KYOCERA Net Admin 安全漏洞
KYOCERA Net Admin is an enterprise-level device management platform from KYOCERA, Inc. A security vulnerability exists in KYOCERA Net Admin version 3.4.0906, which stems from the mishandling of XML files by the Multi-Set Template Editor, which could lead to an XML external entity injection attack...