356 matches found
Jinher OA 代码问题漏洞
Jinher OA is a collaborative management software from Jinher, China. A code issue vulnerability exists in Jinher OA 1.2 and earlier versions, which originates from an XML external entity reference vulnerability in the /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx file...
Delta Electronics EIP Builder
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially process dangerous external entities, resulting in disclosure of sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...
Linux Distros Unpatched Vulnerability : CVE-2018-1000069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreePlane version 1.5.9 and earlier contains a XML External Entity XXE vulnerability in XML Parser in mindmap loader that can result in stealing data from...
Linux Distros Unpatched Vulnerability : CVE-2018-1000652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JabRef version =4.3.1 contains a XML External Entity XXE vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of...
Apache Tika 1.13 - 3.2.1 XXE Vulnerability
Apache Tika is prone to an XML external entity XXE vulnerability in the tika-parser-pdf-module. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2025-54988
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...
CVE-2025-54988
This CVE-2025-54988 vulnerability is an XXE in Apache Tika affecting tika-core/tika-pdf-module/tika-parsers, allowing XML External Entity injection via a crafted XFA PDF. The NVD entry covers Apache Tika 1.13–3.2.1 with a fix in 3.2.2; UAs may read sensitive data or trigger internal requests. Sev...
Linux Distros Unpatched Vulnerability : CVE-2019-13031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LemonLDAP::NG before 1.9.20 has an XML External Entity XXE issue when submitting a notification to the notification server. By default, the notification server ...
PT-2025-33724 · Lexmark · Lexmark Printer Drivers
Name of the Vulnerable Software and Affected Versions: Lexmark printer drivers for Windows affected versions not specified Description: The software contains an improper restriction of XML External Entity XXE references. This allows an attacker to disclose sensitive information to an arbitrary UR...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
CVE-2025-5466
XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to trigger a denial of...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
Cosmic Sting: CVE-2024-34102 Exploiter Cosmic Sting is a Go-b...
Dell Storage Manager XXE (CVE-2025-22478)
Binary data dellstoragemanagercve-2025-22478.nbin...
Security update for eclipse-jgit
This update for eclipse-jgit fixes the following issues: CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class bsc1243647. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...
Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
SUMMARY SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions...
CVE-2025-54992 OpenKilda XXE in SAML configuration
OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity XXE injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is...
TencentOS Server 2: expat (TSSA-2025:0543)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0543 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-36603
Dell AppSync, versions 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering...
Jinher OA 代码问题漏洞
Jinher OA is a collaborative management software from China Jinher Jinher Company. A code issue vulnerability exists in Jinher OA version 1.1, which stems from an incorrect operation of the file XmlHttp.aspx resulting in an XML external entity reference...