CVE-2021-27736

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...

CVE-2026-22186

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

EUVD-2014-3554

Malware in sbrugna...

EUVD-2025-3139

Malicious code in bioql PyPI...

Allure Report allows Improper XXE Restriction via DocumentBuilderFactory

Summary A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2. The plugin fails to securely configure the XML parser DocumentBuilderFactory and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitra...

GHSA-H7QF-QMF3-85QG Allure Report allows Improper XXE Restriction via DocumentBuilderFactory

Summary A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2. The plugin fails to securely configure the XML parser DocumentBuilderFactory and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitra...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities.. An attacker can access arbitrary files on the file system or initiate...

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...

CVE-2025-23195

An XML External Entity XXE vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...

CVE-2025-23195 Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie

An XML External Entity XXE vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...

XML External Entity (XXE) Injection

org.powertac:server-interface is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper input validation in the DocumentBuilderFactory component, allowing attackers to access sensitive information or execute arbitrary code via crafted XML entities...

GHSA-PGRC-8WP5-5MVQ powertac-server XML External Entity vulnerability

An XML External Entity XXE vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

powertac-server XML External Entity vulnerability

An XML External Entity XXE vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

CVE-2024-51135

An XML External Entity XXE vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

CVE-2024-51135

An XML External Entity XXE vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

CVE-2024-38374

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...

CVE-2024-38374

CVE-2024-38374 affects CycloneDX core (cyclonedx-core-java): before deserializing XML BOMs, an insecurely configured DocumentBuilderFactory used in XPath evaluation allowed XXE injection. The issue was fixed in cyclonedx-core-java 9.0.4; later notes indicate the XML Validator path was also affect...

XML External Entity (XXE)

org.cyclonedx:cyclonedx-core-java is vulnerable to XML External Entity XXE.The vulnerability is caused due to improper configuration of the DocumentBuilderFactory used to evaluate XPath expressions to determine the schema version of the BOM before deserializing CycloneDX Bill of Materials in XML...

XML External Entity Injection

OpenCRX is vulnerable to XML External Entity injection XXE. The vulnerability is due to improper input sanitization in the DocumentBuilderFactory function . This can potentially lead to server side request forgery attacks...

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...