Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.16 views

CVE-2025-23195

An XML External Entity XXE vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...

7.5CVSS7AI score0.00718EPSS
Exploits0References1
Veracode
Veracode
added 2025/10/13 10:21 a.m.6 views

XML External Entity (XXE)

langchaincommunity is vulnerable to XML External Entity XXE. The vulnerability is due to insecure XML parsing in the EverNoteLoader component that uses etree.iterparse without disabling external entity references, which allows an attacker to craft a malicious XML payload to access sensitive local...

7.5CVSS6.7AI score0.01531EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-36778

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01178EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 12:30 p.m.4 views

GHSA-PC6W-59FV-RH23 Langchain Community Vulnerable to XML External Entity (XXE) Attacks

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity XXE attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which can lead to sensitive informati...

7.5CVSS7AI score0.01531EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/04 12:30 p.m.9 views

Langchain Community Vulnerable to XML External Entity (XXE) Attacks

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity XXE attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which can lead to sensitive informati...

7.5CVSS6.5AI score0.01531EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.5 views

LangChain 信息泄露漏洞

LangChain is a LangChain open source framework for developing applications powered by the Large Language Model LLM. An information disclosure vulnerability exists in LangChain version 0.3.63, which stems from insecure XML parsing and could lead to the disclosure of sensitive information...

7.5CVSS7.3AI score0.01531EPSS
Exploits0References2
Veracode
Veracode
added 2025/05/09 9:45 a.m.7 views

XML External Entity (XXE) Injection

Langroid is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure XML parsing due to the XMLToolMessage class processing untrusted XML input without proper restrictions, potentially enabling denial of service or local file disclosure...

9.1CVSS6.6AI score0.00545EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/01/21 9:22 p.m.81 views

CVE-2025-23195

The CVE-2025-23195 XXE vulnerability affects Ambari/Oozie where XML input is parsed with DocumentBuilderFactory without disabling external entity resolution. This can enable an attacker to read arbitrary server files or trigger SSRF. Affected product version exposure is documented as fixed in Amb...

7.5CVSS6.5AI score0.00718EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/11/28 10:6 a.m.10 views

XML External Entity (XXE) Injection

HAPI FHIR is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure XML parsing by HAPI FHIR, specifically within the XSLT parsing components, which improperly handle external entity references in XML files. It allows attackers to inject malicious XML content, such ...

8.6CVSS6.5AI score0.00918EPSS
Exploits0References6Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/04 9:35 a.m.40 views

Security Bulletin: Insecure XML parsing vulnerability affect IBM Business Automation Workflow - CVE-2014-0107, CVE-2022-34169

Summary IBM Business Automation Workflow reintroduced an outdated version of the Xalan library. Vulnerability Details CVEID:CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker...

7.5CVSS8.2AI score0.17673EPSS
Exploits4Affected Software2
RedHat Linux
RedHat Linux
added 2023/12/06 11:30 p.m.3 views

gradle: Possible local text file exfiltration by XML External entity injection

A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack OOB-XXE, parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it...

6.8CVSS5.7AI score0.00674EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/11/16 8:15 p.m.18 views

CVE-2023-46214 Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations XSLT that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance...

8CVSS7.7AI score0.89066EPSS
Exploits4References3
Cvelist
Cvelist
added 2023/11/16 8:15 p.m.43 views

CVE-2023-46214 Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations XSLT that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance...

8CVSS9.3AI score0.89066EPSS
Exploits4References3
CNVD
CNVD
added 2018/05/21 12:0 a.m.6 views

Adobe ColdFusion Insecure XML Parsing Vulnerability

Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An insecure XML parsing vulnerability exists in Adobe ColdFusion. The vulnerability stems from the program's...

7.5CVSS6.7AI score0.0406EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/08/15 12:0 a.m.54 views

RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:2469)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2469 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java...

9.8CVSS7.2AI score0.03524EPSS
Exploits0References39
RedHat Linux
RedHat Linux
added 2017/07/20 3:58 p.m.5 views

OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)

It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak...

6.5CVSS7.3AI score0.02862EPSS
Exploits0References5
Rows per page
Query Builder