Linux Distros Unpatched Vulnerability : CVE-2020-25649
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity X...
Lucee Code Issue Vulnerability
Lucee is a high-performance open source CFML server written in Java by Lucee Open Source. A code issue vulnerability exists in Lucee versions 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173, which stems from an XML External Entity References attack and could lead to remote code execution...
Linux Distros Unpatched Vulnerability : CVE-2024-3572
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper...
Linux Distros Unpatched Vulnerability : CVE-2014-7839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote...
Linux Distros Unpatched Vulnerability : CVE-2014-3004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a...
Linux Distros Unpatched Vulnerability : CVE-2015-3451
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The clone function in XML::LibXML before 2.0119 does not properly set the expandentities option, which allows remote attackers to conduct XML external entity XX...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the deserialize method, when handling untrusted XML data, which may contain external entity references. Details: XXE Injection is a type of attack against an application that parses XML input. XML is...
IBM OpenPages with Watson Code Issue Vulnerability
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines (IBM). The platform is based on AI technology to predict risk factors and minimize risks in financial activities by integrating, automatically identifying, measuring, monitoring,...
CVE-2024-25066
CVE-2024-25066 affects RSA Authentication Manager prior to 8.7 SP2 Patch 1. It enables XML External Entity (XXE) attacks via a license file, allowing attacker-controlled files to be stored on the server. Data exfiltration is not possible. Remediation: upgrade to 8.7 SP2 Patch 1 or later; as a tem...
PT-2025-6020 · Xml2Rfc · Xml2Rfc
Name of the Vulnerable Software and Affected Versions: xml2rfc versions 3.12.0 through 3.26.0 Description: The issue concerns XML External Entity (XXE) injection attacks. It was discovered that xml2rfc does not respect the --allow-local-file-access flag when a local file is specified as src in...
CVE-2020-15232
In mapfish-print before version 3.24, a user can perform an XML External Entity (XXE) attack with the provided SDL style...
CVE-2024-47873
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...
CVE-2024-48917
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...
Ubuntu: Security Advisory (USN-7215-1)
The remote host is missing an update for the...
The vulnerability of the XMLParser component in the CI/CD application integration and delivery system of JetBrains TeamCity allows attackers to perform XXE attacks.
The vulnerability of the XMLParser component in the CI/CD application integration and delivery system of JetBrains TeamCity is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
AZL-54657 CVE-2024-40896 affecting package libxml2 for versions less than 2.11.5-2
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-56356
JetBrains TeamCity prior to 2024.12 is affected by an insecure XMLParser configuration that may permit XXE attacks. The root cause is improper handling of external entities in XML parsing, as described in multiple sources (including PT-2024-9791 and Red Hat). Impact is potential data exposure via...
PT-2024-9791 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12 Description: The issue is related to the XMLParser component in the JetBrains TeamCity system, which has an incorrect restriction on XML links to external objects. This can allow a remote attacker ...
SAP NetWeaver AS Code Issue Vulnerability
SAP NetWeaver AS is a web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS JAVA, which stems from a lack of validation of XML inputs, allowing an unauthenticated...