1909 matches found
PT-2026-1173
CVE-2025-34137 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2025-34137 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for...
CVE-2019-25253 KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection
KYOCERA Net Admin 3.4.0906 contains an XML External Entity XXE injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...
KYOCERA Net Admin 安全漏洞
KYOCERA Net Admin is an enterprise-level device management platform from KYOCERA, Inc. A security vulnerability exists in KYOCERA Net Admin version 3.4.0906, which stems from the mishandling of XML files by the Multi-Set Template Editor, which could lead to an XML external entity injection attack...
PT-2025-53396
CVE-2023-5092 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2023-5092 Published : Dec. 23, 2025, 2:16 p.m. | 42 minutes ago Description : Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant. Severity: 0.0 | NA Visit the link for more details...
XML External Entity (XXE) Injection
org.wso2.am:am-distribution-parent are vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper configuration of the XML parser without sufficient restrictions, which allows an attacker to supply malicious XML to read sensitive files or trigger denial-of-service...
XML External Entity (XXE) Injection
Jenkins CCCC Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper configuration of the XML parser without XXE protection, which allows an attacker to process malicious XML input and access sensitive resources...
Apache Tika has XXE vulnerability
Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...
CVE-2025-65868
XML external entity XXE injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request...
PT-2025-48995
Name of the Vulnerable Software and Affected Versions eyoucms version 1.7.1 Description The software is susceptible to an XML External Entity XXE injection. A remote attacker can exploit this by sending a specially crafted POST request body, potentially leading to a denial of service...
CVE-2025-65868
XML external entity XXE injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request...
EyouCMS 安全漏洞
EyouCMS is an open source content management system CMS based on ThinkPHP by China Eyou Eyou. A security vulnerability exists in EyouCMS v1.7.1, which originates from XML external entity injection and could lead to a denial of service attack...
cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...
CVE-2025-66370
Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...
N-able N-central 安全漏洞
N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.4, which originates from XML external enti...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
EUVD-2025-37511
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2025-12531 IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
IBM InfoSphere Information Server 代码问题漏洞
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A code issue vulnerability exists in IBM InfoSphere Information Server versions 11.7.0.0 through...
EUVD-2011-3559
Malware in sbrugna...