Lucene search
K

9841 matches found

Nuclei
Nuclei
added 16 hours ago21 views

Apache OFBiz - XML External Entity Injection

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

7.5CVSS7AI score0.1591EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago19 views

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8CVSS7.3AI score0.16239EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago32 views

GeoServer - XML External Entity Injection

GeoServer 2.26.0 to 2.26.2 and 2.25.6 contains an XML External Entity XXE injection caused by insufficient sanitization of XML input in /geoserver/wms GetMap operation, letting attackers disclose files or cause DoS, exploit requires crafted XML input. id: CVE-2025-58360 info: name: GeoServer - XM...

9.8CVSS7.1AI score0.67357EPSS
Exploits4References2
Nuclei
Nuclei
added 16 hours ago14 views

VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

9.1CVSS6.9AI score0.08085EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago19 views

Episerver 7 - Blind XML External Entity Injection

Episerver 7 patch 4 and earlier contains an XML external entity XXE caused by processing crafted DTD in XML requests involving util/xmlrpc/Handler.ashx, letting remote attackers read arbitrary files, exploit requires sending malicious XML payloads. id: CVE-2017-17762 info: name: Episerver 7 - Bli...

7.5CVSS7.1AI score0.04648EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago195 views

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...

7.2CVSS7AI score0.05238EPSS
Exploits0References5
Nuclei
Nuclei
added 16 hours ago42 views

Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE)

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure. id: CVE-2022-38840 info: name: Güralp MAN-EAM-0003 3.2.4 - XML External Entity XXE author: daffainfo severity: high description: |...

7.5CVSS6.9AI score0.09803EPSS
Exploits4References2
Nuclei
Nuclei
added 16 hours ago129 views

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection. id: CVE-2025-49493 info: name: Akamai CloudTest 60 2025.06.02 - XML External Entity XXE author: xbow,3th1cyuk1 severity: critical description: | Akamai CloudTest before 60 2025.06.02 12988...

5.8CVSS6.3AI score0.03395EPSS
Exploits2References3
NVD
NVD
added yesterday4 views

CVE-2026-48359

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-45071

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent set DOMDocument::$validateOnParse = true before loadXML, re-enabling external entity resolution and allowing attacker-supplied XML ...

8.7CVSS0.00052EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-48359 Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS6.5AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-48359

Adobe Experience Manager is affected by an XML External Entity (XXE) vulnerability (CVE-2026-48359) due to improper restriction of XML External Entity references. It could allow a low-privileged attacker to read sensitive files and potentially gain elevated access or control, with arbitrary code ...

9.6CVSS6.5AI score
Exploits0References1
Nuclei
Nuclei
added yesterday44 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7AI score0.24141EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in tipsen-poc-again (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0977477bc81c656f52fb981657983580b411dda6d2c6766ba4d6a35fe4ae970 package.json declares its sole runtime dependency safe-chain-test as an HTTPS tarball URL pointing at a trycloudflare.com quick-tunnel host...

6.3AI score
Exploits0References2
Nuclei
Nuclei
added 2 days ago173 views

IBM Maximo Asset Management Information Disclosure - XML External Entity Injection

IBM Maximo Asset Management is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...

8.2CVSS7AI score0.3159EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago22 views

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. id: CVE-2025-2775 info: name: SysAid On-Prem = 23.3.40 - XML External Entity...

9.3CVSS7.1AI score0.5461EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago56 views

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. id: CVE-2025-2776 info: name: SysAid On-Prem = 23.3.40 - XML External Enti...

9.8CVSS7.1AI score0.72971EPSS
Exploits2References2
Nuclei
Nuclei
added 2 days ago125 views

SAP Internet Graphics Server (IGS) - XML External Entity Injection

SAP Internet Graphics Servers IGS running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection XXE vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag...

7.5CVSS7AI score0.40591EPSS
Exploits2References6
Nuclei
Nuclei
added 4 days ago19 views

Apache Tika - XML External Entity Injection

Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...

9.8CVSS7AI score0.79807EPSS
Exploits5References2
NVD
NVD
added 5 days ago5 views

CVE-2026-54470

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

5.3CVSS0.0019EPSS
Exploits0References1
Rows per page
Query Builder