CVE-2026-20224
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...
Updated expat packages fix security vulnerabilities
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. CVE-2026-24515 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
XML External Entity (XXE) Injection
Mustang is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper restriction of external entity references during XML processing, which allows an attacker to exploit XXE attacks to exfiltrate arbitrary files from the affected system...
CVE-2025-46425
Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
EUVD-2019-10755
Malware in sbrugna...
Security update for expat
This update for expat fixes the following issues: expat was updated to version 2.7.1: Bug fixes: Restore event pointer behavior from Expat 2.6.4 that the fix to CVE-2024-8176 changed in 2.7.0; affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumbe...
Linux Distros Unpatched Vulnerability : CVE-2019-11763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment...
LG Simple Editor XML File External Entity Handling Vulnerability
LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from an XML File External Entity Handling vulnerability due to an improper restriction on XML External Entity (XXE) references, wher...
VISAM VBASE Code Issue Vulnerability
VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A code issue vulnerability exists in VISAM VBASE Automation Base prior to version 11.7.5, which stems from an improper restriction on XML external entity references, and can be exploited by an attacker to trick a user int...
SUSE CVE-2015-6790
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...
Denial Of Service (DoS)
nokogiri is vulnerable to Denial Of Service (DoS). SAX parser's inefficient entity handling for regular expressions causes excessive backtracking when malicious documents are parsed, which allows an attacker to cause an application crash...
Vulnerability fixed in Zimbra
Synacor has fixed a vulnerability in Zimbra in the way in which XML entities are processed in zm-saml-consumer-store. This vulnerability makes it possible for a malicious person to perform a Denial-of-Service attack. Attacks carried out via this vulnerability are also known as "billion laughs"...
PT-2019-3030 · Microsoft · Xmllite +1
Name of the Vulnerable Software and Affected Versions: Windows XmlLite (affected versions not specified). Description: A denial of service issue exists due to improper parsing of XML input by the XmlLite runtime. This could allow a remote unauthenticated attacker to cause a denial of servic...
[SECURITY] Fedora 30 Update: drupal7-entity-1.9-1.fc30
This module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. This package provides the following Drupal modules: entit...
Citrix XenMobile Server XML External Entity Handling Vulnerability
Citrix XenMobile Server is a mobility management solution from Citrix Systems. The solution is capable of managing mobile devices, developing mobile policies and compliance rules, and providing insight into the operation of mobile networks. A security vulnerability exists in Citrix XenMobi...
NetIQ Access Manager Information Disclosure Vulnerability (CNVD-2017-04728)
NetIQ Access Manager provides a simple, secure, and scalable solution to handle all your Web access needs. NetIQ Access Manager Information Disclosure Vulnerability. Since Access Manager 4.1 and 4.2 support risk-based authentication on the Identity Server. An attacker can obtain local file...
Pidgin < 2.12.0 libpurple/util.c purple_markup_unescape_entity() XML Entity Handling RCE
The version of Pidgin installed on the remote Windows host is prior to 2.12.0. It is, therefore, affected by a remote code execution vulnerability in the libpurple library in util.c due to an out-of-bounds write error in the purple_markup_unescape_entity function that is triggered when handling...
DEBIAN-CVE-2016-3705
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...
UBUNTU-CVE-2015-6790
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity (XXE) attacks on RESTEasy applications accepting XML input...