Lucene search
+L

187 matches found

CNNVD
CNNVD
added 2025/08/05 12:0 a.m.7 views

Adobe Experience Manager 代码问题漏洞

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. Adobe Experience Manager suffers from an XML entity injection...

8.6CVSS8.5AI score0.77133EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2025/07/28 12:0 a.m.7 views

The vulnerability of the framework for working with large language models (LLMs) like LlamaIndex lies in the improper restriction on recursive references to entities in the DTD. This allows attackers to trigger a service failure.

The vulnerability of the LlamaIndex framework for working with large language models is related to an improper limitation on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.2AI score0.00415EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/07/07 10:44 a.m.3 views

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview llama-index-readers-stripe-docs is a llama-index readers stripedocs integration Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' via the parsesitemap function. An attacker can exhaust system memory and...

8.7CVSS7AI score0.00415EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.13 views

CVE-2023-6194

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to...

7.1CVSS6.8AI score0.00306EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:19 a.m.6 views

CVE-2023-42132

FD Application Apr. 2022 Edition Version 9.01 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...

5.5CVSS7AI score0.00195EPSS
Exploits0
OSV
OSV
added 2025/05/02 12:13 p.m.8 views

CLSA-2025-1746188001 expat: Fix of CVE-2024-8176

CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...

7.5CVSS7AI score0.01569EPSS
Exploits0References1
OSV
OSV
added 2025/05/02 12:5 p.m.7 views

CLSA-2025-1746187509 expat: Fix of CVE-2024-8176

CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...

7.5CVSS7AI score0.01569EPSS
Exploits0References1
OSV
OSV
added 2025/05/02 12:3 p.m.11 views

CLSA-2025-1746187414 expat: Fix of CVE-2024-8176

CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...

7.5CVSS7.2AI score0.01569EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 11:46 a.m.4 views

USN-7424-1 expat vulnerability

It was discovered that Expat could crash due to stack overflow when processing XML documents with deeply nested entity references. If a user or automated system were tricked into processing specially crafted XML input, an attacker could use this issue to cause a denial of service...

7.5CVSS6.7AI score0.01569EPSS
Exploits0References2
OSV
OSV
added 2025/03/27 4:1 p.m.6 views

USN-7368-1 snakeyaml vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

7.5CVSS6.8AI score0.26723EPSS
Exploits1References2
OSV
OSV
added 2025/03/14 9:15 a.m.10 views

AZL-58641 CVE-2024-8176 affecting package expat for versions less than 2.6.4-1

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

7.5CVSS6.7AI score0.01569EPSS
Exploits0References1
OSV
OSV
added 2025/02/07 8:32 p.m.5 views

GHSA-432C-WXPG-M4Q3 xml2rfc has file inclusion irregularities

Version 3.12.0 changed xml2rfc so that it would not access local files without the presence of its new --allow-local-file-access flag. This prevented XML External Entity XXE injection attacks with xinclude and XML entity references. It was discovered that xml2rfc does not respect...

6.9CVSS7.2AI score
Exploits0References3
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.4 views

HAPI FHIR 安全漏洞

HAPI FHIR is a Java-written HL7 FHIR API for the HAPI FHIR open source. A security vulnerability exists in HAPI FHIR versions prior to v6.4.0 that stems from the presence of an external entity reference that allows an attacker to access sensitive information or execute arbitrary code by providing...

9.8CVSS9AI score0.01851EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.9 views

The vulnerability of the XML tools for Ruby REXML stems from improper restrictions on recursive references to entities in DTDs. This allows attackers to trigger a service failure.

The vulnerability of the XML tools for Ruby REXML is related to improper restrictions on recursive references to entities in DTDs. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

5.9CVSS6.4AI score0.01205EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2024/08/08 12:15 a.m.10 views

CVE-2024-6893

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources...

7.5CVSS5.8AI score0.32916EPSS
Exploits3References2
CNNVD
CNNVD
added 2024/03/22 12:0 a.m.8 views

Easyadmin 代码问题漏洞

Easyadmin is a simple, lightweight backend management system scaffolding by laker personal developer. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions. An attacker exploited the vulnerability to cause xml external entity references...

8.8CVSS6.5AI score0.00628EPSS
Exploits1References5
OSV
OSV
added 2024/02/20 8:19 a.m.9 views

CLSA-2024-1708417192 libxml2: Fix of 3 CVEs

CVE-2017-7375: add validation for parsed entity references - CVE-2017-7376: fix buffer overflow in URL handling - CVE-2017-8872: free input buffer in xmlHaltParser...

10CVSS7AI score0.23694EPSS
Exploits0References1
Prion
Prion
added 2024/01/24 2:15 a.m.19 views

Xxe

Electronic Deliverables Creation Support Tool Construction Edition prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool Design & Survey Edition prior to Ver1.0.4 improperly restrict XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on t...

1.9CVSS7.1AI score0.00195EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/24 1:32 a.m.12 views

CVE-2024-22380

Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file,...

7.2AI score0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/24 1:32 a.m.35 views

CVE-2024-22380

Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file,...

5.8AI score0.00214EPSS
Exploits0References2
Rows per page
Query Builder