Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

GHSA-4V8G-86X5-3VRC Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

XML External Entity (XXE) Injection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a SAXParserFactory without enabling FEATURESECUREPROCESSING or disabling DTD processing. An attacker can access local files...

DEBIAN-CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

PT-2026-36635

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description The DictionaryEntryPersistor class initializes a static SAXParserFactory without enabling FEATURE SECURE PROCESSING or disabling DTD processing. When...

PT-2026-36636

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description The ExtensionLoader.instantiateExtensionClass, String function loads a class by its fully-qualified name using Class.forName and invokes its no-arg...

PT-2026-36637

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description An OutOfMemory OOM Denial of Service exists in the AbstractModelReader class. The methods getOutcomes, getOutcomePatterns, and getPredicates read a...

UBUNTU-CVE-2025-38627

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing postreadwq has not bee...

CVE-2024-51739

Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the user exists or not. This fix is included in...

http-default-accounts NSE Script

Tests for access with default credentials used by a variety of web applications and devices. It works similar to http-enum, we detect applications by matching known paths and launching a login routine using default credentials when found. This script depends on a fingerprint file containing the...