Asterisk Code Issue Vulnerability
Asterisk is PBX software developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using the SIP, IAX, and H323 protocols. There were code vulnerabilities in versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. These vulnerabilities stemmed from...
CVE-2025-13096 XML External Entity injection (XXE) vulnerability affects IBM Business Automation Workflow
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 are vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote...
Linux Distros Unpatched Vulnerability : CVE-2026-24400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External...
CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
FastBee Code Issue Vulnerability
FastBee is an IoT platform open-sourced by FastBee in China. A code issue vulnerability exists in FastBee 2.1 and earlier versions. It originates from a misuse of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java, which could lead to an X...
Exploit for Improper Restriction of XML External Entity Reference in Apache Tika
CVE-2025-66516: Minimized Verification Environment This proje...
CVE-2025-68463
A flaw was found in python-biopython. The Bio.Entrez module is vulnerable to an XML External Entity (XXE) attack when processing untrusted XML data. A remote attacker could exploit this vulnerability to disclose sensitive information from the system or potentially cause a denial of service (DoS) by...
Exploit for CVE-2025-66516
CVE-2025-66516 / CVE-2025-54988 - Apache Tika XXE Vulnerabilit...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 21 vulnerabilities (USN-7885-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7885-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 21 did not correctly handle certain representations...
EUVD-2025-199853
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
Mustangproject allows exfiltrating files via XXE attacks
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
EUVD-2025-199852
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
GHSA-FJF5-XGMQ-5525 GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
Description: An XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint, /geoserver/wms, operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML...
GeoServer Code Issue Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer versions 2.26.0 up to but not including 2.26.2, and in versions prior to 2.25.6, which stems from insufficiently sanitized or restricted X...
USN-7882-1 openjdk-lts vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 11 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2025-53057) Darius Bohni discovered that the JAX...
EUVD-2025-197810
PDFPatcher through 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63917
PDFPatcher through 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
EUVD-2018-0498
Malware in sbrugna...
EUVD-2020-28455
Malware in sbrugna...