Lucene search
K

16 matches found

NVD
NVD
added 2026/06/11 7:16 a.m.26 views

CVE-2026-40998

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted...

8.2CVSS0.00352EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.20 views

PT-2026-48621

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Jaxp13XPathTemplate evaluated XPat...

8.2CVSS5.8AI score0.00352EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...

8.2CVSS5.5AI score0.00352EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Improper Restriction of XML External Entity Reference (CVE-2017-7375)

A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher- risk attack surface in libxml2 not...

9.8CVSS6.8AI score0.0264EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-16402

Malware in sbrugna...

9.8CVSS8.5AI score0.0264EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.5 views

SUSE CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher-risk attack surface in libxml2 not...

5.3CVSS8.6AI score0.0264EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.5 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

9.8CVSS7.2AI score0.07269EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/31 3:40 p.m.4 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

9.8CVSS7.2AI score0.07269EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/17 1:28 p.m.4 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

9.8CVSS7.2AI score0.07269EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/17 1:25 p.m.2 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

9.8CVSS7.2AI score0.07269EPSS
Exploits0References4
OSV
OSV
added 2018/02/19 7:29 p.m.4 views

DEBIAN-CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher-risk attack surface in libxml2 not...

9.8CVSS9.3AI score0.0264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2018/02/19 7:0 p.m.1 views

CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher-risk attack surface in libxml2 not...

6.3AI score0.0264EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2018/02/19 7:0 p.m.45 views

CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher-risk attack surface in libxml2 not...

9.8CVSS8.5AI score0.0264EPSS
Exploits0
OSV
OSV
added 2017/06/21 12:0 a.m.1 views

UBUNTU-CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher-risk attack surface in libxml2 not...

9.8CVSS6.8AI score0.0264EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/06/16 12:52 p.m.36 views

CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher-risk attack surface in libxml2 not...

9.8CVSS1AI score0.0264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/03/03 12:0 a.m.5 views

PT-2017-3747

Name of the Vulnerable Software and Affected Versions: libxml2 affected versions not specified Description: A flaw in libxml2 allows remote XML entity inclusion with default parser flags. This may expose a higher-risk attack surface, allowing access to content from local files, HTTP, or FTP...

10CVSS9.6AI score0.23694EPSS
Exploits16References120
Rows per page
Query Builder