Lucene search
K

91 matches found

Cvelist
Cvelist
added 2026/06/25 9:12 p.m.23 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS0.00244EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/25 9:12 p.m.6 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00244EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.7 views

CVE-2026-49875

A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...

9.8CVSS5AI score0.00485EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/12 11:10 a.m.6 views

XML External Entity (XXE) Injection

Overview org.apache.cxf:cxf-core is an an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper configuration of the...

9.8CVSS5.7AI score0.00485EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.10 views

CVE-2026-49875

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

9.8CVSS0.00485EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 8:54 a.m.84 views

CVE-2026-49875

Apache CXF is affected by an XML External Entity (XXE) issue described as CVE-2026-49875. The vulnerability arises because EndpointReferenceUtils and W3CMultiSchemaFactory construct a SAXParserFactory without proper JAXP hardening, enabling out-of-band (OOB) external entity resolution. Affected c...

9.8CVSS5.3AI score0.00485EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 8:54 a.m.7 views

CVE-2026-49875 Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

5.2AI score0.00485EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016636 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parse...

7.5CVSS7.2AI score0.01374EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 5:46 a.m.6 views

BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS5.8AI score0.01192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-38831

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS5.8AI score0.01192EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 2:44 p.m.8 views

BIT-JAVA-MIN-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 2:44 p.m.4 views

BIT-JAVA-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-38017

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-37810

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/04 6:27 p.m.7 views

XML External Entity (XXE) Injection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a...

9.1CVSS5.9AI score0.00515EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:55 p.m.5 views

CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/04 4:55 p.m.22 views

EUVD-2026-27003

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

5.8AI score0.00515EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-3600

Malware in sbrugna...

7.5CVSS8.1AI score0.02142EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-38822

Malicious code in bioql PyPI...

9.1CVSS7AI score0.01192EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-4455

Malicious code in bioql PyPI...

4.3CVSS7.8AI score0.07794EPSS
Exploits3References12
Rows per page
Query Builder