319 matches found
CVE-2026-49383
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, contained security...
Unity Linux 20.1060e / 20.1070e Security Update: jackson (UTSA-2026-016674)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016674 advisory. A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus...
Astra Linux - уязвимость в python2.7, python3.7, pypy
A XXE issue was discovered in Python through version 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to prevent XML vulnerabilities...
Astra Linux - уязвимость в libjackson-json-java
A flaw was discovered in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities, similar to CVE-2016-3720, also affect the codehaus jackson-mapper-asl libraries, but in different classes...
CVE-2026-20224 Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...
GHSA-3446-6MGW-F79P Grav is Vulnerable to XXE via SVG Upload
Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity XXE injection. Vulnerability Summary | Field | Details | |-------|---------| | Vulnerability Type | XML External...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-6501
The CVE pertains to jOpenDocument 1.5 and is caused by an improper restriction of XML external entity references (XML External Entity, XXE). Affected component: jOpenDocument (version 1.5). Impact details from the record indicate potential data exposure/compromise via external entities, classifie...
CVE-2026-6501
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...
CVE-2026-6807
GRASSMARLIN v3.2.1 exposes an XML External Entity (XXE) vulnerability. A crafted session data input can trigger improper XML parsing, potentially leaking sensitive information. A public exploit PoC indicates OOB file exfiltration via an external DTD reference, with the attacker able to base64-enc...
CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...
CVE-2026-4374 Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service allows Serialized Data External Linking, Data Serializat...
RTI Connext Professional 安全漏洞
RTI Connext Professional is a connectivity platform developed by RTI Corporation in the United States, specifically designed to meet the demanding requirements of Industrial Internet of Things IIoT. RTI Connext Professional has a security vulnerability that stems from improper restrictions on XML...
CVE-2021-27184
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...
CVE-2026-32251 Tolgee has an XXE Injection in Translation Import
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
EUVD-2026-9318
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity XXE vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server...
CVE-2026-1567 IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity XXE vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server...
PT-2026-22315
Name of the Vulnerable Software and Affected Versions Xerox FreeFlow Core versions up to and including 8.0.7 Description An XML External Entity XXE issue allows a malicious user to perform Server-Side Request Forgery SSRF by submitting specially crafted XML input that includes malicious external...
PT-2026-7582
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from...