CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/08 5:46 a.m.•4 views

BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS5.8AI score0.00553EPSS

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-38831

9.1CVSS5.8AI score0.00553EPSS

OSV•added 2026/05/06 2:44 p.m.•1 views

BIT-JAVA-MIN-2024-40896

OSV•added 2026/05/06 2:44 p.m.•1 views

BIT-JAVA-2024-40896

Positive Technologies•added 2026/05/06 12:0 a.m.•4 views

PT-2026-37810

Positive Technologies•added 2026/05/06 12:0 a.m.•2 views

PT-2026-38017

Snyk•added 2026/05/04 6:27 p.m.•4 views

XML External Entity (XXE) Injection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a...

9.1CVSS5.9AI score0.00113EPSS

Exploits0References2

EUVD•added 2026/05/04 4:55 p.m.•1 views

EUVD-2026-27003

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

5.8AI score0.00113EPSS

Exploits0References1

ATTACKERKB•added 2026/05/04 4:55 p.m.•1 views

CVE-2026-40682

5.8AI score0.00113EPSS

Exploits0References2Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-3600

Malware in sbrugna...

7.5CVSS8.1AI score0.00258EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-38822

Malicious code in bioql PyPI...

9.1CVSS7AI score0.00553EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-4455

Malicious code in bioql PyPI...

4.3CVSS7.8AI score0.03627EPSS

Exploits3References12

Snyk•added 2025/05/21 9:31 p.m.•4 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the ManifestParser and AmazonS3 classes which use a SAXParser to parse XML files without properly configuring it to disable external entity processing. An attacker can access sensitive information o...

6.8CVSS7.5AI score0.00197EPSS

Exploits1References2

F5 Networks•added 2025/05/09 4:1 p.m.•15 views

K000151254: libxml2 vulnerability CVE-2024-40896

Security Advisory Description In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible. CVE-2024-40896...

9.1CVSS7AI score0.00553EPSS

Exploits0

Microsoft CVE•added 2024/12/28 8:0 a.m.•3 views

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

...

9.1CVSS7AI score0.00553EPSS

Exploits0

RedhatCVE•added 2024/12/24 5:23 a.m.•4 views

CVE-2024-40896

A flaw was found in libxml2. In the affected versions of libxml2, the SAX parser can generate events for external entities, even if custom SAX handlers try to override entity content by setting it to "checked." This vulnerability allows classic XML External Entity XXE attacks. Mitigation Mitigati...

9.1CVSS6.8AI score0.00553EPSS