38 matches found
Docling Security Vulnerability
Docling is an open-source multi-format document parsing and AI integration tool developed by the Docling Project. Versions of Docling 2.61.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of etree.parse to parse XML files without disabling entity parsin...
Docling Security Vulnerability
Docling is a multi-format document parsing and AI integration tool open-sourced by the Docling Project. Versions of Docling 2.61.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of etree.fromstring to parse XML files without disabling entity parsing,...
USN-8023-1: xmltok library vulnerabilities
It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515) It was discovered that Expat, contained within the xmltok library,...
CLSA-2026-1770647876 expat: Fix of CVE-2026-24515
CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...
XML External Entity (XXE)
org.jenkins-ci.plugins, generic-webhook-trigger is vulnerable to XML External Entity (XXE). The vulnerability is due to improper XML parser configuration that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perfor...
JLSEC-2025-58 In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD...
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations...
EUVD-2021-9163
Malicious code in bioql PyPI...
CVE-2025-6984
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which...
Dell SmartFabric OS10 Software Code Issue Vulnerability
Dell SmartFabric OS10 Software is network operating system software developed by Dell to simplify the management and automation of data center network architectures. A security vulnerability exists in Dell SmartFabric OS10 Software versions prior to 10.6.0.5 that stems from improper handling of X...
PT-2024-6096
Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.6.3. Description: The issue is related to a problem in the libexpat library, which is used for parsing XML files. It is caused by the library's failure to properly restrict references to external XML entities. This c...
Medium: php
Issue Overview: A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...
WS J WBEM Server Code Issue Vulnerability
WS J WBEM Server is an open source server software from WS. A security vulnerability in WS-Inc J WBEM Server version 4.x prior to 4.7.5 stems from a CIM-XML protocol adapter that does not disable entity parsing, allowing context-sensitive attackers to read arbitrary files or cause a denial of...
OESA-2023-1418 pki-core security update
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Security Fixes: Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content o...
OWSLib Code Issue Vulnerability
OWSLib is a Python package for client-side programming using the Open Geospatial Consortium (OGC) Web Services (hence the name OWS) interface standard and its associated content model. A code issue vulnerability exists in versions of OWSLib prior to 0.28.1 that stems from an XML parser that does not...
SUSE CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits...
php: Special character breaks path in xml parsing
A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...
National Library Of The Netherlands / Research Digger Code Issue Vulnerability
National Library Of The Netherlands / Research Digger is a Digger dataset code from National Library Of The Netherlands / Research. National Library Of The Netherlands / Research Digger suffers from a code issue vulnerability that stems from insufficient security considerations when parsing XML...
MultiNer Code Issue Vulnerability
National Library Of The Netherlands / Research MultiNer is used by National Library Of The Netherlands / Research to merge the output of five different Dutch named entity recognition packages into a single answer. A security vulnerability exists in MultiNer that stems from insufficient security...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...