25 matches found
The vulnerability of the corporate platform for creating, managing, and processing electronic forms, documents, and business processes within Adobe Experience Manager (AEM) Forms on JEE lies in the incorrect restrictions on XML links to external objects. This allows attackers to read arbitrary files.
The vulnerability of the corporate platform for creating, managing, and processing electronic forms, documents, and business processes within Adobe Experience Manager (AEM) Forms on JEE is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could...
The vulnerability of the IBM Aspera Shares software lies in the incorrect limitation on XML references to external objects, which allows a hacker to expose confidential information.
The vulnerability of the IBM Aspera Shares software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to expose confidential information...
The vulnerability of the DOCX import function in the Polarion ALM software for application lifecycle management allows a hacker to read arbitrary files.
The vulnerability of the DOCX import function in the Polarion ALM application lifecycle management software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
The vulnerability of the Apache XML Graphics FOP transformation tool arises from improper restrictions on XML references to external objects, allowing attackers to execute XXE attacks.
The vulnerability of the Apache XML Graphics FOP transformation tool is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
PT-2025-21177 · Sulu · Sulu
Name of the Vulnerable Software and Affected Versions: Sulu versions 2.5.21 through 2.5.24; Sulu versions 2.6.5 through 2.6.8; Sulu versions 3.0.0-alpha1 through 3.0.0-alpha2. Description: Sulu is an open-source PHP content management system based on the Symfony framework. The issue allows an admin...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd., Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, which stems from...
ALPINE-CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
The vulnerability of the validateAgainstXSD method implemented in HPE Insight Remote Support, a software solution for remote monitoring, management, and support of servers and data storage systems, allows attackers to disclose sensitive information that should be protected.
The vulnerability of the validateAgainstXSD method implemented in HPE Insight Remote Support, a software solution for remote monitoring, management, and support of servers and data storage systems, is related to incorrect restrictions on XML references to external objects. Exploiting this...
The vulnerability of IBM WebSphere Application Server Liberty and IBM WebSphere Application Server arises from incorrect restrictions on XML references to external objects, which allows attackers to disclose sensitive information.
The vulnerability of IBM WebSphere Application Server Liberty and IBM WebSphere Application Server is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information remotely...
The vulnerability of the ImportXml method in the Ivanti EPM endpoint management software allows a hacker to gain access to confidential information.
The vulnerability of the ImportXml method in the Ivanti EPM endpoint management software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information...
The vulnerability of the Spreadsheet::ParseXLSX library for the Perl programming language arises from incorrect restrictions on XML references to external objects. This allows attackers to perform XXE attacks.
The vulnerability of the Spreadsheet::ParseXLSX library for the Perl programming language relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using a specially created XLSX file...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML references to external objects. This vulnerability allows attackers to gain unauthorized access to protected information.
The vulnerability of the programming software for PLCs (programmable logic controllers), Saia PG5 Controls Suite, is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of IBM Financial Transaction Manager for SWIFT Services, a software tool for processing and managing financial transactions conducted through the SWIFT international messaging system, arises from incorrect restrictions on XML references to external objects. It allows a perpetrator to disclose protected information or compromise the accessibility of that information.
The vulnerability of the software tool for processing and managing financial transactions conducted through the SWIFT messaging system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected...
The vulnerability of the Libxml2 library lies in the improper limitation on XML references to external objects, which allows attackers to access confidential data.
The vulnerability of the Libxml2 library is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...
The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller arises from incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or exploit memory resources.
The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...
The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller arises from incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or exploit memory resources.
The vulnerability of the IBM Cognos Controller software, which supports closing processes, consolidating data, and generating reports, is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...
The vulnerability of the REST API of the Cisco Firepower Device Manager On-Box software allows a hacker to trigger a service failure.
The vulnerability of the REST API of the Cisco Firepower Device Manager On-Box software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to trigger service failure remotely...
The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined network allows an intruder to gain unauthorized access to protected information.
The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined network is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the XMLInputFactory class in the OSGi Apache Karaf container allows an attacker to execute arbitrary code.
The vulnerability of the XMLInputFactory class in the OSGi Apache Karaf container is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...