
134 matches found

CVE
added 2026/05/14 4:8 p.m. | 10 views

CVE-2026-20224

CVE-2026-20224 : Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) web UI contains an XML External Entity (XXE) handling flaw in XML parsing that could allow an unauthenticated, remote attacker to read arbitrary files on the affected system. Attacker must send a crafted request; no valid cr...

CVSS 8.6 | AI score 6 | EPSS 0.00033
Exploits 0 | References 2
Vulnrichment
added 2026/05/13 3:24 p.m. | 8 views

CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives an attacker room to insert unwanted attributes into the XML/HTML. This vulnerabili...

CVSS 6.1 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 1
CNNVD
added 2026/05/13 12:0 a.m. | 4 views

fast-xml-builder security vulnerability

fast-xml-builder is an open-source building tool developed by Natural Intelligence that converts JSON data into XML format. Versions of fast-xml-builder prior to 1.1.7 contained security vulnerabilities. These vulnerabilities occurred when input data contained quotes in attribute values, and enti...

CVSS 6.1 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 1
RedhatCVE
added 2026/05/11 8:25 p.m. | 7 views

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

CVSS 7.1 | AI score 5.8 | EPSS 0.00054
Exploits 0 | References 1
Positive Technologies
added 2026/05/08 12:0 a.m. | 7 views

PT-2026-39200

Name of the Vulnerable Software and Affected Versions: SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1. Description: Opening a .gpp file causes the language server to parse a companion .vmid file from the same directory. The VMID parser uses XDocument.Load(path) without XmlReaderSettings, which in .NET...

CVSS 7.1 | AI score 5.8 | EPSS 0.00054
Exploits 0 | References 6
Packet Storm
added 2026/02/26 12:0 a.m. | 93 views

fast-xml-parser REGEX Injection / Cross Site Scripting

fast-xml-parser versions starting at 4.1.3 and below 5.3.5 suffer from a REGEX injection issue that can allow for cross site scripting attacks.

AI score 4.9
Exploits 0
Tenable Nessus
added 2026/02/03 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-25128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0...

CVSS 7.5 | AI score 7.2 | EPSS 0.00074
Exploits 1 | References 2
CVE
added 2026/01/07 4:23 p.m. | 10 views

CVE-2026-20029

Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) have an XML External Entity (XXE) processing vulnerability in the licensing feature. The flaw arises from improper XML parsing in the web-based management interface, allowing an authenticated admin to upload a...

CVSS 4.9 | AI score 6.5 | EPSS 0.00056
In wild | Exploits 0 | References 1
CNVD
added 2025/10/29 12:0 a.m. | 1 views

Dell Storage Manager XML External Entity References Improperly Restricted Vulnerability

Dell Storage Manager is a centralized storage management tool from Dell that is used to manage storage devices such as SC Series, PS Series and FluidFS, providing unified monitoring, configuration and replication capabilities. An XML External Entity Reference Improper Restriction vulnerability...

CVSS 6.5 | AI score 6.7 | EPSS 0.00046
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2018-16727

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.00856
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2016-6683

Malware in sbrugna...

CVSS 5.5 | AI score 5.6 | EPSS 0.00052
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3225

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00062
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-43993

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.01544
Exploits 0 | References 1
Vulnrichment
added 2025/08/26 6:16 a.m. | 1 views

CVE-2025-57704 EIP Builder XML External Entity Processing Information Disclosure Vulnerability

Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability...

CVSS 5.5 | AI score 7 | EPSS 0.00018
Exploits 0 | References 1
Cvelist
added 2025/08/26 6:16 a.m. | 4 views

CVE-2025-57704 EIP Builder XML External Entity Processing Information Disclosure Vulnerability

Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability...

CVSS 5.5 | EPSS 0.00018
Exploits 0 | References 1
CVE
added 2025/08/26 6:16 a.m. | 11 views

CVE-2025-57704

Delta Electronics EIP Builder v1.11 is affected by an XML External Entity (XXE) processing vulnerability due to improper handling of XML entities during file parsing, causing information disclosure. The issue is described as a local, low-complexity vulnerability with user interaction required, pot...

CVSS 5.5 | AI score 6.4 | EPSS 0.00018
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 3:49 a.m. | 4 views

CVE-2023-32567

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236...

CVSS 9.8 | AI score 6.9 | EPSS 0.00169
Exploits 0 | References 1
RedhatCVE
added 2025/04/17 8:11 p.m. | 15 views

CVE-2025-31497

TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability in its document conversion functionality. The service processes XML...

CVSS 7.5 | AI score 7.2 | EPSS 0.00132
Exploits 0 | References 1
Veracode
added 2025/03/11 1:36 a.m. | 6 views

Remote Code Execution (RCE)

org.lucee, lucee is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper XML entity processing in the Lucee REST endpoint, which allows an attacker to execute arbitrary code by exploiting improper XML entity processing in the Lucee REST endpoint...

CVSS 9.8 | AI score 8.5 | EPSS 0.00216
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2024/06/05 6:26 p.m. | 8 views

Typo3 Arbitrary file upload and XML External Entity processing

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, including server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible: information disclosure, placeme...

AI score 7.1
Exploits 0 | References 3 | Affected Software 1