14 matches found
CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities...
EUVD-2025-29397
Malicious code in bioql PyPI...
PT-2024-10052 · IBM · IBM WebSphere Application Server +1
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5, 9.0; IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.5. Description: The issue is related to incorrect restriction of XML links to external objects, which can be exploited...
Vulnerability fixed in DBeaver
A vulnerability has been fixed in DBeaver. The vulnerability allows a local malicious agent to obtain sensitive data. This is possible because the loading of external XML entities is not properly captured. Proof-of-Concept code is available for this vulnerability. DBeaver's...
Adobe ColdFusion 11 XML External Entity Injection
Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical. I. VULNERABILITY...
Apple OS X iBooks File Handling Information Disclosure Vulnerability
Apple OS X is an operating system developed by Apple Inc. A vulnerability in Apple OS X's handling of iBooks files that reference external XML entities allows attackers to exploit the vulnerability to obtain sensitive information...
WSO2 Identity Server 5.0.0 XSS / CSRF / XXE Injection
SEC Consult Vulnerability Lab Security Advisory. title: Multiple critical vulnerabilities; product: WSO2 Identity Server, other WSO2 Carbon based products may be affected too...
Updated jakarta-taglibs-standard packages fix CVE-2015-0254
Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...
MGASA-2015-0140 Updated jakarta-taglibs-standard packages fix CVE-2015-0254
Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...
Ubuntu 14.04 LTS : Apache Standard Taglibs vulnerability (USN-2551-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2551-1 advisory. David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute...
USN-2551-1: Apache Standard Taglibs vulnerability
David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...
Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities
Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.40. It is, therefore, affected by the following vulnerabilities: - An error exists related to chunk size and chunked requests that allows denial of service attacks...
[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure
CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define at multiple leve...