14 matches found
CVE-2026-39053
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...
AssertJ code issue vulnerabilities
AssertJ is an open-source unit testing tool developed by AssertJ. In versions 1.4.0 to 3.27.7 of AssertJ, there were code vulnerabilities. These vulnerabilities stemmed from an XML external entity vulnerability in XmlStringPrettyFormatter, which could allow for the reading of arbitrary local file...
Ashisuto DataSpider Servista code issue vulnerability
Ashisuto DataSpider Servista is an enterprise data integration platform from Ashisuto Japan. A code issue vulnerability exists in Ashisuto DataSpider Servista 4.4 and prior versions, which stems from an improperly restricted XML external entity reference that could result in the reading of...
BIT-NIFI-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...
Linux Distros Unpatched Vulnerability : CVE-2018-1000546
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Triplea version = 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure,...
SysAid On-Prem security vulnerability
SysAid On-Prem is a locally deployed IT Service Management (ITSM) platform from SysAid Israel. A security vulnerability exists in SysAid On-Prem versions 23.3.40 and earlier, which stems from an unvalidated XML external entity vulnerability in the Checkin processing function that could lead to...
FitNesse Security Breach
FitNesse is a fully integrated standalone wiki and acceptance testing framework. A security vulnerability exists in FitNesse that stems from the presence of an XML External Entity Misreference vulnerability that could allow an unauthenticated, remote attacker to obtain sensitive information, alte...
php: XML loading external entity without being enabled
A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow...
PT-2023-27482 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specif...
VulnCheck KEV: CVE-2019-13608
Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information...
Elastic Stack 6.5.2 security update
Elasticsearch information disclosure (ESA-2018-19): Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning’s find_file_structure API. If a policy allowing external network access has been added to Elasticsearch’s Java Security Manager then an attacker could send a...
CVE-2017-17762
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...
DEBIAN-CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
DEBIAN-CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...