12 matches found
USN-8023-1: xmltok library vulnerabilities
It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515) It was discovered that Expat, contained within the xmltok library,...
CLSA-2026-1770647876 expat: Fix of CVE-2026-24515
CVE-2026-24515: make XML_ExternalEntityParserCreate copy unknown encoding handler user data...
XML External Entity (XXE)
org.jenkins-ci.plugins, generic-webhook-trigger is vulnerable to XML External Entity (XXE). The vulnerability is due to improper XML parser configuration that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perfor...
JLSEC-2025-58 In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD...
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations...
CVE-2025-6984
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which...
National Library Of The Netherlands / Research Digger Code Issue Vulnerability
National Library Of The Netherlands / Research Digger is a Digger dataset code from National Library Of The Netherlands / Research. National Library Of The Netherlands / Research Digger suffers from a code issue vulnerability that stems from insufficient security considerations when parsing XML...
SUSE-SU-2020:0856-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: py26-compat-salt: - Replace pycrypto with M2Crypto as dependency for SLE15+ bsc1165425 redstone-xmlrpc: - Disable external entity parsing 1790381, bsc1164120, CVE-2020-1693 - Do not download external entities 1555429, bsc1085414, CVE-2018-1077 spacecmd: -...
CVE-2019-3481
Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7...
CVE-2019-3481
CVE-2019-3481 concerns an XML External Entity (XXE) parsing vulnerability in Micro Focus ArcSight Logger prior to version 6.7. The issue stems from insecure XML entity handling in the affected logger, enabling information disclosure or disruption of service as described in CNVD-2019-08313 (and mir...
Adobe Digital Editions Information Disclosure Vulnerability (CNVD-2017-37094)
Adobe Digital Editions software offers an engaging way to help you view and manage eBooks and other digital publications. An information disclosure vulnerability exists in Adobe Digital Editions versions 4.5.6 and earlier. The vulnerability arises due to the software's insecure XML external entit...
Adobe Digital Editions Multiple Vulnerabilities (Aug 2017) - Mac OS X
Adobe Digital Edition is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:digitaleditions...
Adobe Digital Editions Multiple Vulnerabilities (Aug 2017) - Windows
Adobe Digital Edition is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:digitaleditions...