Lucene search
+L

1909 matches found

Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.12 views

PT-2026-1173

CVE-2025-34137 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2025-34137 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for...

6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/24 7:28 p.m.6 views

CVE-2019-25253 KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection

KYOCERA Net Admin 3.4.0906 contains an XML External Entity XXE injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...

7.5CVSS7AI score0.00754EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.6 views

KYOCERA Net Admin 安全漏洞

KYOCERA Net Admin is an enterprise-level device management platform from KYOCERA, Inc. A security vulnerability exists in KYOCERA Net Admin version 3.4.0906, which stems from the mishandling of XML files by the Multi-Set Template Editor, which could lead to an XML external entity injection attack...

7.5CVSS7.1AI score0.00754EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.6 views

PT-2025-53396

CVE-2023-5092 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2023-5092 Published : Dec. 23, 2025, 2:16 p.m. | 42 minutes ago Description : Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant. Severity: 0.0 | NA Visit the link for more details...

6.7AI score
Exploits0References1
Veracode
Veracode
added 2025/12/13 4:53 a.m.8 views

XML External Entity (XXE) Injection

org.wso2.am:am-distribution-parent are vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper configuration of the XML parser without sufficient restrictions, which allows an attacker to supply malicious XML to read sensitive files or trigger denial-of-service...

9.1CVSS5.8AI score0.01146EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/13 4:43 a.m.8 views

XML External Entity (XXE) Injection

Jenkins CCCC Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper configuration of the XML parser without XXE protection, which allows an attacker to process malicious XML input and access sensitive resources...

9.8CVSS8.4AI score0.01057EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 6:30 p.m.14 views

Apache Tika has XXE vulnerability

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

9.8CVSS7.2AI score0.79807EPSS
Exploits5References4Affected Software3
NVD
NVD
added 2025/12/03 9:15 p.m.6 views

CVE-2025-65868

XML external entity XXE injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request...

9.1CVSS0.00372EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.12 views

PT-2025-48995

Name of the Vulnerable Software and Affected Versions eyoucms version 1.7.1 Description The software is susceptible to an XML External Entity XXE injection. A remote attacker can exploit this by sending a specially crafted POST request body, potentially leading to a denial of service...

9.1CVSS6.9AI score0.00372EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/12/03 12:0 a.m.4 views

CVE-2025-65868

XML external entity XXE injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request...

6.8AI score0.00372EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.8 views

EyouCMS 安全漏洞

EyouCMS is an open source content management system CMS based on ThinkPHP by China Eyou Eyou. A security vulnerability exists in EyouCMS v1.7.1, which originates from XML external entity injection and could lead to a denial of service attack...

9.1CVSS6.9AI score0.00372EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/12/01 9:2 p.m.6 views

cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...

7.5CVSS5.7AI score0.00359EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/11/28 12:0 a.m.8 views

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

5CVSS0.00292EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.34 views

N-able N-central 安全漏洞

N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.4, which originates from XML external enti...

8.4CVSS6.7AI score0.307EPSS
Exploits2References2
NVD
NVD
added 2025/11/06 7:15 p.m.6 views

CVE-2025-63551

A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

7.5CVSS0.0046EPSS
Exploits1References2
OSV
OSV
added 2025/11/06 7:15 p.m.3 views

CVE-2025-63551

A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

7.5CVSS5.8AI score0.0046EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/03 9:34 p.m.6 views

EUVD-2025-37511

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.1CVSS6.5AI score0.0069EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/03 7:47 p.m.10 views

CVE-2025-12531 IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.1CVSS0.0069EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/03 12:0 a.m.9 views

IBM InfoSphere Information Server 代码问题漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A code issue vulnerability exists in IBM InfoSphere Information Server versions 11.7.0.0 through...

9.1CVSS6.7AI score0.0069EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-3559

Malware in sbrugna...

7.5CVSS7.5AI score0.1591EPSS
Exploits0References6
Rows per page
Query Builder