Lucene search
+L

1417 matches found

EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-45300

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion...

5.3CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added 3 hours ago5 views

CVE-2026-14979 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML Entity Expansion attack

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion...

5.3CVSS
Exploits0References1
CVE
CVE
added 3 hours ago9 views

CVE-2026-14979

IBM Engineering Lifecycle Management – Jazz Foundation (DOORS) is affected by CVE-2026-14979 due to improper handling of XML entity expansion, enabling a remote attacker to cause a denial of service. Affected versions: 7.0.3 (iFix001–021), 7.1.0 (iFix001–009), 7.2.0 (and 7.2.0 iFix001). CVSSv3.1 ...

5.3CVSS5.4AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago7 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML Entity Expansion attack

Summary XML Entity Expansion vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2026-14979 DESCRIPTION: DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion...

6.1AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.3 views

assertj: AssertJ: Information disclosure and denial of service via XML External Entity (XXE)

A flaw was found in AssertJ. An XML External Entity XXE vulnerability exists in the XmlStringPrettyFormatter component, which is used by the isXmlEqualToCharSequence assertion. If an application processes untrusted XML input using these methods, a remote attacker could exploit this flaw to read...

9.1CVSS7.2AI score0.00542EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-741 XML Entity Expansion in trytond and proteus

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

7.5CVSS6AI score0.01927EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/26 12:32 a.m.10 views

EUVD-2026-39593

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.11 views

CVE-2026-12993

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 11:23 p.m.22 views

CVE-2026-12993

Affected software: Apicurio Registry. Vulnerability: DocumentBuilderAccessor does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING, allowing an attacker with artifact-write permission to upload XML documents containing internal entity-expansion payloads (billion-laughs) that c...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.47 views

CVE-2026-12993 Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS0.00243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.10 views

CVE-2026-12993

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 9:12 p.m.8 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52629

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the DocumentBuilderAccessor where DOCTYPE declarations are not disabled and FEATURE SECURE PROCESSING is not enabled. Although external DTD and schema access are...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 5:45 p.m.61 views

CVE-2026-44020

Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...

9.4CVSS6AI score0.00334EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/24 5:45 p.m.35 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS0.00334EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.17 views

CVE-2026-45771

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 3:51 p.m.44 views

CVE-2026-45771 Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS0.00343EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 p.m.11 views

CVE-2026-45771 Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS5.4AI score0.00343EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 3:51 p.m.39 views

CVE-2026-45771

FreeSWITCH (before version 1.11.0) is vulnerable to a Denial-of-Service via its bundled XML parser, which expands nested declarations without a bound, allowing an unauthenticated attacker to drive unbounded CPU/memory usage by sending a crafted SIP PUBLISH PIDF body. The issue arises because the...

7.5CVSS5.4AI score0.00343EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/09 3:51 p.m.5 views

CVE-2026-45771 Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS5.9AI score0.00343EPSS
Exploits0References4
Rows per page
Query Builder