Lucene search
K

7209 matches found

CVE
CVE
added yesterday6 views

CVE-2026-54470

Dell Unisphere for PowerMax, versions up to 10.3.0.5, are affected by an Improper Restriction of XML External Entity Reference. The issue targets the XML parser in a network-accessible context and could allow a low-privileged, remote attacker to gain unauthorized access to sensitive data. The CVS...

5.3CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-54470

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

5.3CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-42875

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

5.3CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday20 views

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. id: CVE-2025-2775 info: name: SysAid On-Prem = 23.3.40 - XML External Entity...

9.3CVSS7.4AI score0.5461EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday55 views

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. id: CVE-2025-2776 info: name: SysAid On-Prem = 23.3.40 - XML External Enti...

9.8CVSS7.4AI score0.72971EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday12 views

VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

9.1CVSS7.1AI score0.08085EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday41 views

Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE)

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure. id: CVE-2022-38840 info: name: Güralp MAN-EAM-0003 3.2.4 - XML External Entity XXE author: daffainfo severity: high description: |...

7.5CVSS7AI score0.09803EPSS
Exploits4References2
Nuclei
Nuclei
added yesterday41 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7.1AI score0.24141EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday18 views

Apache OFBiz - XML External Entity Injection

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

7.5CVSS7AI score0.1591EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday15 views

Episerver 7 - Blind XML External Entity Injection

Episerver 7 patch 4 and earlier contains an XML external entity XXE caused by processing crafted DTD in XML requests involving util/xmlrpc/Handler.ashx, letting remote attackers read arbitrary files, exploit requires sending malicious XML payloads. id: CVE-2017-17762 info: name: Episerver 7 - Bli...

7.5CVSS7.2AI score0.04648EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday16 views

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8CVSS7.4AI score0.16239EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday159 views

IBM Maximo Asset Management Information Disclosure - XML External Entity Injection

IBM Maximo Asset Management is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...

8.2CVSS7.2AI score0.3159EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday76 views

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection. id: CVE-2025-49493 info: name: Akamai CloudTest 60 2025.06.02 - XML External Entity XXE author: xbow,3th1cyuk1 severity: critical description: | Akamai CloudTest before 60 2025.06.02 12988...

5.8CVSS6.2AI score0.03395EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2 days ago3 views

assertj: AssertJ: Information disclosure and denial of service via XML External Entity (XXE)

A flaw was found in AssertJ. An XML External Entity XXE vulnerability exists in the XmlStringPrettyFormatter component, which is used by the isXmlEqualToCharSequence assertion. If an application processes untrusted XML input using these methods, a remote attacker could exploit this flaw to read...

9.1CVSS7.2AI score0.00542EPSS
Exploits0References8
NVD
NVD
added 3 days ago7 views

CVE-2026-55471

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS0.00309EPSS
Exploits0References3
CVE
CVE
added 3 days ago32 views

CVE-2026-55471

CVE-2026-55471 concerns HAPI FHIR’s XsltUtilities.sax(on)Transform overloads, which historically instantiate a bare net.sf.saxon.TransformerFactoryImpl() without external-access restrictions. This enables XML External Entity (XXE) processing, allowing local file disclosure and blind XXE/SSRF when...

8.7CVSS6AI score0.00309EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-55471 HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-55471

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS6AI score0.00309EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 3 days ago4 views

cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening

A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...

9.8CVSS5.8AI score0.00515EPSS
Exploits0References6
CVE
CVE
added 3 days ago8 views

CVE-2026-57259

Technical details about CVE-2026-57259 are not publicly available in the provided documents; no product/version/root-cause information is present here. Monitor for updates.

6.5CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder