CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

Apache CXF 安全漏洞

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There is a security vulnerability in Apache CXF, which stems from an insecure XML parser...

Exploit for CVE-2024-51132

CVE-2024-51132-POC Vulnerability Type XXE - XML Externa...

Zoho ManageEngine Applications Manager 代码问题漏洞

ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product features application performance management, fault management, report generation, and SLA management. A security vulnerability exists in Zoho...

GHSA-PJCH-4G28-FXX7 External Entity Reference in TwelveMonkeys ImageIO

The package com.twelvemonkeys.imageio:imageio-metadata before version 3.7.1 is vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online...

CVE-2021-21669

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Perforce Software Perforce Helix ALM 代码问题漏洞

Perforce Software Perforce Helix ALM is an application software from Perforce Software, Inc. It provides application lifecycle management for products. A security vulnerability exists in Perforce Helix ALM 2020.3.1 Build 22, which stems from the XML Import feature accepting XML input data parsed ...