XML External Entity (XXE)

org.assertj, assertj-core is vulnerable to XML External Entity XXE. The vulnerability is due to the DocumentBuilderFactory in org.assertj.core.util.xml.XmlStringPrettyFormatter.toXmlDocumentString being initialized with default settings without disabling DTDs or external entities, which allows an...

GHSA-FCQJ-76G3-Q7QM Bio-Formats has an XML External Entity (XXE) vulnerability

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

CVE-2026-22186

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

CVE-2026-22186

Bio-Formats

PT-2024-34534 · Unknown · Powertac-Server

Name of the Vulnerable Software and Affected Versions: powertac-server version 1.9.0 Description: An XML External Entity XXE vulnerability in the component DocumentBuilderFactory allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing...

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

PT-2014-5400 · Red Hat · Red Hat Enterprise Virtualization Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager versions prior to 3.4.2 Description: The issue is related to an XML External Entity XXE problem, where the oVirt Engine backend module uses an insecure DocumentBuilderFactory. This allows remote...

OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...