109 matches found
PT-2026-38017
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
esaml security vulnerability
esaml is a library developed by Australian developer Lexi Wilson for handling SAML authentication. It provides functions for SAML service providers and identity providers. esaml has a security vulnerability, which stems from XML entity extensions not being disabled. This vulnerability may lead to XML...
CVE-2023-49656
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
PT-2025-44283
Name of the Vulnerable Software and Affected Versions: Jenkins JDepend Plugin versions 1.3.1 and earlier. Description: The Jenkins JDepend Plugin uses an outdated version of the JDepend Maven Plugin that lacks proper configuration of its XML parser. This configuration deficiency can allow for XML...
EUVD-2016-0027
Malware in sbrugna...
EUVD-2022-4694
Malicious code in bioql PyPI...
EUVD-2022-3031
Malicious code in bioql PyPI...
CVE-2025-7766
Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed...
Allure Report code issue vulnerability
Allure Report is a flexible, lightweight, multi-language open-source test reporting tool from the Allure Framework. A code issue vulnerability exists in Allure Report 2 versions prior to 2.34.1, which stems from xunit-xml-plugin not securely configuring the XML parser, which could lead to XXE...
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-45400
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-34793
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21656
Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-5602
Mitsubishi Electric FA Engineering Software CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit EM Configurator Ver. 1.010L and earlier, GT Designer3 GOT2000 Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlie...
CVE-2020-2315
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
Alibaba Cloud Linux 3 : 0184: pki-core:10.6 and pki-deps:10.6 (ALINUX3-SA-2022:0184)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0184 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-4213: A flaw was found in JSS,...
libxml2: XXE vulnerability
A flaw was found in libxml2. In the affected versions of libxml2, the SAX parser can generate events for external entities, even if custom SAX handlers try to override entity content by setting it to "checked." This vulnerability allows classic XML External Entity XXE attacks...
CVE-2025-24910
Hitachi Vantara Pentaho Business Analytics Server prior to 10.2.0.2 (including 9.3.x and 8.3.x) is affected by an XML External Entity (XXE) vulnerability in MessageSourceCrawler. The issue allows an attacker to cause the application to read local files via a file:// entity, and can also trigger o...