Lucene search
+L

356 matches found

EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45180

libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity XXE vulnerability...

9.8CVSS5.2AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago8 views

CVE-2026-8396 XXE in Netcad's NetGIS

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...

7.5CVSS5.3AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 1:16 p.m.5 views

CVE-2026-54470

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

5.3CVSS0.0019EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.6 views

cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening

A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...

9.8CVSS5.8AI score0.00527EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-13449

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

9.1CVSS0.00406EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:48 p.m.8 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.3CVSS5.9AI score0.00445EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

Fedora 44 : xmlstarlet (2026-dbf44e0b72)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dbf44e0b72 advisory. Fixes XML external entity vulnerability. For more information, refer to . Tenable has extracted the preceding description block directly from the Fedora...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.12 views

Fedora 43 : xmlstarlet (2026-3c78c99467)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3c78c99467 advisory. Fixes XML external entity vulnerability. For more information, refer to . Tenable has extracted the preceding description block directly from the Fedora...

5.6AI score
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:15 p.m.43 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, contained security...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: quartz (UTSA-2026-016722)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016722 advisory. initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Tenable has extracte...

9.8CVSS6.8AI score0.162EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: jackson (UTSA-2026-016674)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016674 advisory. A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus...

7.5CVSS6.5AI score0.17044EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerabilities in Python 2.7, Python 3.7, and Pypy

A XXE issue was discovered in Python through version 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to prevent XML vulnerabilities...

9.8CVSS7.3AI score0.04268EPSS
Exploits3References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libjackson-json-java

A flaw was discovered in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities, similar to CVE-2016-3720, also affect the codehaus jackson-mapper-asl libraries, but in different classes...

7.5CVSS6.5AI score0.17044EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 4:8 p.m.48 views

CVE-2026-20224 Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

8.6CVSS0.00696EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 9:35 p.m.6 views

GHSA-3446-6MGW-F79P Grav is Vulnerable to XXE via SVG Upload

Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity XXE injection. Vulnerability Summary | Field | Details | |-------|---------| | Vulnerability Type | XML External...

6.5CVSS6AI score0.00233EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.34 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

0.003EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 2:26 p.m.13 views

CVE-2026-6501

The CVE pertains to jOpenDocument 1.5 and is caused by an improper restriction of XML external entity references (XML External Entity, XXE). Affected component: jOpenDocument (version 1.5). Impact details from the record indicate potential data exposure/compromise via external entities, classifie...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 2:26 p.m.12 views

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/28 5:41 p.m.16 views

CVE-2026-6807

GRASSMARLIN v3.2.1 exposes an XML External Entity (XXE) vulnerability. A crafted session data input can trigger improper XML parsing, potentially leaking sensitive information. A public exploit PoC indicates OOB file exfiltration via an external DTD reference, with the attacker able to base64-enc...

5.5CVSS5.2AI score0.00197EPSS
Exploits1References2
Rows per page
Query Builder