CVE-2026-20224
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...
Updated expat packages fix security vulnerabilities
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. (CVE-2026-24515) In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
XML External Entity (XXE) Injection
Mustang is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper restriction of external entity references during XML processing, which allows an attacker to use XXE attacks to exfiltrate arbitrary files from the affected system...
CVE-2025-46425
Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
LG Simple Editor XML File External Entity Handling Vulnerability
LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from an XML File External Entity Handling vulnerability due to an improper restriction on XML External Entity (XXE) references, wher...
VISAM VBASE Code Issue Vulnerability
VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A code issue vulnerability exists in VISAM VBASE Automation Base prior to version 11.7.5, which stems from an improper restriction on XML external entity references, and can be exploited by an attacker to trick a user int...
PT-2019-3030 · Microsoft · Xmllite +1
Name of the Vulnerable Software and Affected Versions: Windows XmlLite (affected versions not specified). Description: A denial of service issue exists due to improper parsing of XML input by the XmlLite runtime. This could allow a remote unauthenticated attacker to cause a denial of servic...
Citrix XenMobile Server XML External Entity Handling Vulnerability
Citrix XenMobile Server is a mobility management solution from Citrix Systems. The solution is capable of managing mobile devices, developing mobile policies and compliance rules, and providing insight into the operation of mobile networks. A security vulnerability exists in Citrix XenMobi...
NetIQ Access Manager Information Disclosure Vulnerability (CNVD-2017-04728)
NetIQ Access Manager provides a simple, secure, and scalable solution to handle all your Web access needs. NetIQ Access Manager has an information disclosure vulnerability. Because Access Manager 4.1 and 4.2 support risk-based authentication on the Identity Server, an attacker can obtain local file...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity (XXE) attacks on RESTEasy applications accepting XML input...