Lucene search
+L

9843 matches found

cnnvd
cnnvd
added 2026/05/29 12:0 a.m.12 views

JetBrains IntelliJ IDEA 代码问题漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2026.1 contained code vulnerabilities due to XML external entity injections in the UI Designer form parser...

3.3CVSS5.9AI score0.00109EPSS
Exploits0References1
osv
osv
added 2026/05/27 9:9 p.m.5 views

GHSA-X6G4-FWCC-JJ8W Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true

Description symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References6
nvd
nvd
added 2026/05/27 4:16 a.m.15 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS0.00201EPSS
Exploits0References1
euvd
euvd
added 2026/05/27 2:54 a.m.16 views

EUVD-2026-32047

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1
cve
cve
added 2026/05/27 2:54 a.m.32 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.16 views

PT-2026-43483

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.7 Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 11.0.0.0 Description Certain XML parsers do not prevent the resolution of external entities...

7.7CVSS5.9AI score0.00201EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.11 views

Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, contained security...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1
nvd
nvd
added 2026/05/26 7:16 p.m.16 views

CVE-2026-3603

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit...

7.1CVSS0.00354EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/26 6:17 p.m.42 views

CVE-2026-3603 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit...

7.1CVSS0.00354EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/26 6:17 p.m.9 views

CVE-2026-3603

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/26 6:17 p.m.11 views

CVE-2026-3603 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References1
cve
cve
added 2026/05/26 6:17 p.m.24 views

CVE-2026-3603

The CVE-2026-3603 issue affects IBM Engineering Lifecycle Management – Jazz Foundation components: 7.0.3 (iFix001–iFix021), 7.1.0 (iFix001–iFix009), and 7.2.0 (iFix001–iFix002). A XML external entity (XXE) vulnerability arises when processing XML data, allowing an authenticated attacker to potent...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.22 views

PT-2026-43374

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management versions 7.0.3 Interim Fix 001 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 Interim Fix 001 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.9 views

IBM Engineering Lifecycle Management 安全漏洞

IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities ste...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/25 11:37 p.m.16 views

CVE-2026-40682

A flaw was found in Apache OpenNLP. A remote attacker can exploit this vulnerability by providing a specially crafted dictionary file. This can lead to an XML External Entity XXE injection, which allows for the disclosure of local files or enables server-side request forgery SSRF, where the serve...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References5
githubexploit
githubexploit
added 2026/05/25 5:21 p.m.118 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CosmicSting CVE-2024-34102 Exploit Suite Complete exploit s...

9.8CVSS7.5AI score0.99994EPSS
Exploits26
snyk
snyk
added 2026/05/24 8:47 p.m.12 views

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the additionaltables configuration of the page and ttcontent indexers that accept arbitrary table and field names....

5.9CVSS6AI score0.00318EPSS
Exploits0References2
snyk
snyk
added 2026/05/22 3:47 p.m.6 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the use of SchemaFactory.newInstance and TransformerFactory.newInstance without applying FEATURESECUREPROCESSING. An attacker can access sensitive files or interact with internal systems by submittin...

6.9CVSS5.9AI score0.00338EPSS
Exploits0References2
euvd
euvd
added 2026/05/22 12:17 p.m.21 views

EUVD-2026-31434

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/22 12:17 p.m.43 views

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

0.00338EPSS
Exploits0References1
Rows per page
Query Builder