1909 matches found
SpringBlade 代码问题漏洞
SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a code vulnerability. This vulnerability stems from XML external entity injection in the /designer/loadReport endpoint, which may allow authenticated attackers to execute arbitrary...
CVE-2024-8010 XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...
CVE-2024-8010 XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...
CVE-2024-2374
The CVE-2024-2374 entry describes an XML External Entity (XXE) issue in the XML parsers of multiple WSO2 products, where user-supplied XML data is not configured to disable external-resource resolution. This allows an attacker to read files from the file system and access limited HTTP resources r...
CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...
EUVD-2026-22049
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...
CVE-2026-40042
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...
CVE-2026-40042 Pachno 1.0.6 Wiki TextParser XML External Entity Injection
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...
CVE-2026-40042
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...
CVE-2026-40042 Pachno 1.0.6 Wiki TextParser XML External Entity Injection
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...
PT-2026-32496
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...
CVE-2026-33737 Chamilo LMS has an XML External Entity (XXE) Injection
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tika
Summary Multiple vulnerabilities in Apache Tika that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an...
CVE-2026-34401
XML Notepad is affected by an XXE flaw in which DTD processing was not disabled by default prior to version 2.9.0.21, allowing external entities to be resolved. The issue could cause the application to make outbound HTTP/SMB requests and potentially leak local file contents or NTLM credentials. T...
CVE-2026-32251
Tolgee is affected by CVE-2026-32251 before version 3.166.3. The XML parsers used for importing Android XML resources (.xml) and .resx files do not disable external entity processing, allowing an authenticated user who can import translation files to read arbitrary server files and perform server...
XML External Entity Injection Vulnerability in IBM Db2
IBM Db2 is the United States International Business Machines IBM company developed a set of relational database management system, it is the main operating environment for UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. An XML external entit...
Incorrect Regular Expression
Overview org.webjars.npm:fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Incorrect Regular Expression in the entity parsing RegEx in DOCTYPE declarations. An attacker can inject arbitrary values that overrid...
PT-2026-8258
CVE-2025-35976 - Apache Struts XML External Entity XXE Injection CVE ID : CVE-2025-35976 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the...
CVE-2020-37192 MSN Password Recovery 1.30 - XML External Entity Injection
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...
PT-2026-7979
CVE-2026-26041 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2026-26041 Published : Feb. 11, 2026, 5:16 a.m. | 2 hours, 4 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...