Lucene search
K

9807 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS5.6AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.13 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35885

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.18 views

XML External Entity (XXE) Injection

Overview org.springframework.ws:spring-xml is a dependency of org.springframework.ws. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the Jaxp13XPathTemplate class in Jaxp13XPathTemplate.java. When XPath expressions are evaluated against StreamSource and...

8.8CVSS5.7AI score0.00352EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.10 views

CVE-2026-40998: Jaxp13 XPath XXE via StreamSource and SAXSource

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK’s default DocumentBuilderFactory behavior instead of Spring’s hardened parser configuration. Applications that evaluate XPath against untrusted...

8.2CVSS6AI score0.00352EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 11:46 p.m.39 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:46 p.m.10 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.14 views

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS0.00406EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:33 p.m.33 views

CVE-2026-47960 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS0.00406EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:33 p.m.39 views

CVE-2026-47960

CVE-2026-47960 summary ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference (XXE) that could lead to an arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside th...

7.4CVSS5.6AI score0.00406EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/09 8:33 p.m.11 views

EUVD-2026-35831

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS5.6AI score0.00406EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35446

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 4:16 p.m.12 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS0.00233EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 2:41 p.m.30 views

CVE-2026-8045

CVE-2026-8045 describes a CWE-611 XML External Entity (XXE) vulnerability in a SOAP service endpoint that can disclose server-side file contents when a crafted XML payload is submitted by a Data Center Expert user. The affected behavior involves parsing user-supplied XML leading to information di...

7.1CVSS5.5AI score0.00233EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 2:41 p.m.35 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS0.00233EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier have code vulnerabilities. These vulnerabilities stem from...

7.4CVSS6AI score0.00406EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-48275

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An Improper Restriction of XML External Entity Reference XXE allows arbitrary file system read. This issue enables an attacker to access sensitive files...

7.4CVSS5.3AI score0.00406EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47813

Name of the Vulnerable Software and Affected Versions Schneider Electric Data Center Expert affected versions not specified Description An Improper Restriction of XML External Entity Reference XXE issue exists, which occurs when an application fails to restrict XML external entity references,...

7.1CVSS6.6AI score0.00233EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.22 views

PT-2026-48306

Name of the Vulnerable Software and Affected Versions Spring REST Docs version 4.0.0 Spring REST Docs versions 3.0.0 through 3.0.5 Spring REST Docs versions 2.0.0.RELEASE through 2.0.8.RELEASE Description An XXE XML External Entity injection attack can occur when using spring-restdocs-webtestclie...

5.9CVSS6AI score0.00223EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Schneider Electric Data Center Expert 代码问题漏洞

Schneider Electric Data Center Expert is a data monitoring software developed by Schneider Electric, a multinational technology company. Schneider Electric Data Center Expert has a code vulnerability caused by improper restrictions on XML external entity references. This vulnerability could allow...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References2
Rows per page
Query Builder