Lucene search
+L

1909 matches found

CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

SpringBlade 代码问题漏洞

SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a code vulnerability. This vulnerability stems from XML external entity injection in the /designer/loadReport endpoint, which may allow authenticated attackers to execute arbitrary...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/16 9:39 a.m.8 views

CVE-2024-8010 XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

3.5CVSS5.8AI score0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/16 9:39 a.m.34 views

CVE-2024-8010 XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

3.5CVSS0.00273EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 8:12 a.m.16 views

CVE-2024-2374

The CVE-2024-2374 entry describes an XML External Entity (XXE) issue in the XML parsers of multiple WSO2 products, where user-supplied XML data is not configured to disable external-resource resolution. This allows an attacker to read files from the file system and access limited HTTP resources r...

9.1CVSS5.7AI score0.00377EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 8:12 a.m.5 views

CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...

7.5CVSS5.7AI score0.00377EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 9:30 p.m.5 views

EUVD-2026-22049

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS5.9AI score0.00373EPSS
Exploits1References3
NVD
NVD
added 2026/04/13 7:16 p.m.10 views

CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS0.00373EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/13 6:10 p.m.2 views

CVE-2026-40042 Pachno 1.0.6 Wiki TextParser XML External Entity Injection

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS5.9AI score0.00373EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:10 p.m.4 views

CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS5.9AI score0.00373EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/13 6:10 p.m.20 views

CVE-2026-40042 Pachno 1.0.6 Wiki TextParser XML External Entity Injection

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS0.00373EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32496

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

9.8CVSS5.9AI score0.00373EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/10 7:5 p.m.1 views

CVE-2026-33737 Chamilo LMS has an XML External Entity (XXE) Injection

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

5.3CVSS5.9AI score0.0022EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 4:0 p.m.12 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tika

Summary Multiple vulnerabilities in Apache Tika that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an...

9.8CVSS7.1AI score0.79807EPSS
Exploits6Affected Software1
CVE
CVE
added 2026/03/31 9:5 p.m.56 views

CVE-2026-34401

XML Notepad is affected by an XXE flaw in which DTD processing was not disabled by default prior to version 2.9.0.21, allowing external entities to be resolved. The issue could cause the application to make outbound HTTP/SMB requests and potentially leak local file contents or NTLM credentials. T...

6.5CVSS5.7AI score0.00986EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/12 7:21 p.m.14 views

CVE-2026-32251

Tolgee is affected by CVE-2026-32251 before version 3.166.3. The XML parsers used for importing Android XML resources (.xml) and .resx files do not disable external entity processing, allowing an authenticated user who can import translation files to read arbitrary server files and perform server...

9.3CVSS5.9AI score0.00424EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2026/03/02 12:0 a.m.3 views

XML External Entity Injection Vulnerability in IBM Db2

IBM Db2 is the United States International Business Machines IBM company developed a set of relational database management system, it is the main operating environment for UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. An XML external entit...

8.2CVSS6.5AI score0.00296EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/20 6:23 p.m.5 views

Incorrect Regular Expression

Overview org.webjars.npm:fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Incorrect Regular Expression in the entity parsing RegEx in DOCTYPE declarations. An attacker can inject arbitrary values that overrid...

9.3CVSS5.7AI score0.00445EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.6 views

PT-2026-8258

CVE-2025-35976 - Apache Struts XML External Entity XXE Injection CVE ID : CVE-2025-35976 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the...

5.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 8:37 p.m.4 views

CVE-2020-37192 MSN Password Recovery 1.30 - XML External Entity Injection

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...

6.7CVSS5.6AI score0.00207EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.12 views

PT-2026-7979

CVE-2026-26041 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2026-26041 Published : Feb. 11, 2026, 5:16 a.m. | 2 hours, 4 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score
Exploits0References1
Rows per page
Query Builder