CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities...
EUVD-2019-0198
Malware in sbrugna...
EUVD-2024-36633
Malicious code in bioql PyPI...
EUVD-2025-6172
Malicious code in bioql PyPI...
EUVD-2025-29397
Malicious code in bioql PyPI...
EUVD-2022-42725
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-14720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK...
The vulnerability of the IBM Aspera Shares software lies in the incorrect limitation on XML references to external objects, which allows a hacker to expose confidential information.
The vulnerability of the IBM Aspera Shares software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to expose confidential information...
The vulnerability of the DOCX import function in the Polarion ALM software for application lifecycle management allows a hacker to read arbitrary files.
The vulnerability of the DOCX import function in the Polarion ALM application lifecycle management software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
The vulnerability of the Apache XML Graphics FOP transformation tool arises from improper restrictions on XML references to external objects, allowing attackers to execute XXE attacks.
The vulnerability of the Apache XML Graphics FOP transformation tool is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
The vulnerability of the validateAgainstXSD method implemented in HPE Insight Remote Support, a software solution for remote monitoring, management, and support of servers and data storage systems, allows attackers to disclose sensitive information that should be protected.
The vulnerability of the validateAgainstXSD method implemented in HPE Insight Remote Support, a software solution for remote monitoring, management, and support of servers and data storage systems, is related to incorrect restrictions on XML references to external objects. Exploiting this...
CVE-2024-37397
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update, allows a remote unauthenticated attacker to leak API secrets...
The vulnerability of the ImportXml method in the Ivanti EPM endpoint management software allows a hacker to gain access to confidential information.
The vulnerability of the ImportXml method in the Ivanti EPM endpoint management software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information...
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup: clone this repository (git clone https://github.com/4auvar/VulnNodeApp.git). Application setup: install the latest node.js version with npm. Open...
PT-2024-10052 · IBM · IBM WebSphere Application Server +1
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5, 9.0; IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.5. Description: The issue is related to incorrect restriction of XML links to external objects, which can be exploited...
The vulnerability of the Spreadsheet::ParseXLSX library for the Perl programming language arises from incorrect restrictions on XML references to external objects. This allows attackers to perform XXE attacks.
The vulnerability of the Spreadsheet::ParseXLSX library for the Perl programming language relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using a specially created XLSX file...
The vulnerability of IBM Security Verify Access Docker, a tool for protecting access to applications in Docker environments and an access control system from IBM Security Verify Access, is related to improper restrictions on XML links to external objects. This allows attackers to carry out XXE attacks.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in the improper restriction on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
The vulnerability of the Libxml2 library lies in the improper limitation on XML references to external objects, which allows attackers to access confidential data.
The vulnerability of the Libxml2 library is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...
CVE-2022-3338
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...
CVE-2021-45096
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730...