99 matches found
CVE-2026-20224
CVE-2026-20224: Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) web UI contains an XML External Entity (XXE) handling flaw in XML parsing that could allow an unauthenticated, remote attacker to read arbitrary files on the affected system. Attacker must send a crafted request; no valid cr...
CVE-2026-42212
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...
PT-2026-39200
Name of the Vulnerable Software and Affected Versions: SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1. Description: Opening a .gpp file causes the language server to parse a companion .vmid file from the same directory. The VMID parser uses XDocument.Load(path) without XmlReaderSettings, which in .NET...
CVE-2026-20029
Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) have an XML External Entity (XXE) processing vulnerability in the licensing feature. The flaw arises from improper XML parsing in the web-based management interface, allowing an authenticated admin to upload a...
Dell Storage Manager XML External Entity References Improperly Restricted Vulnerability
Dell Storage Manager is a centralized storage management tool from Dell that is used to manage storage devices such as SC Series, PS Series and FluidFS, providing unified monitoring, configuration and replication capabilities. An XML External Entity Reference Improper Restriction vulnerability...
EUVD-2018-16727
Malware in sbrugna...
EUVD-2016-6683
Malware in sbrugna...
EUVD-2022-3225
Malicious code in bioql PyPI...
EUVD-2024-43993
Malicious code in bioql PyPI...
CVE-2025-57704 EIP Builder XML External Entity Processing Information Disclosure Vulnerability
Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability...
CVE-2025-57704
Delta Electronics EIP Builder v1.11 is affected by an XML External Entity (XXE) processing vulnerability due to improper handling of XML entities during file parsing, causing information disclosure. The issue is described as a local, low-complexity vulnerability with user interaction required, pot...
CVE-2023-32567
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236...
CVE-2025-31497
TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity XXE Injection vulnerability in its document conversion functionality. The service processes XML...
Typo3 Arbitrary file upload and XML External Entity processing
It has been discovered that Flow 3.0.0 allows arbitrary file uploads, including server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible information disclosure, placeme...
RHEL 6 : batik (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...
Progress Software Telerik Reporting ValidateMetadaUri XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Neos Flow Arbitrary file upload and XML External Entity processing
It has been discovered that Flow 3.0.0 allows arbitrary file uploads, including server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible information disclosure, placeme...
CVE-2024-4357
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, allows a low-privilege attacker to read system files via XML External Entity Processing...
CVE-2024-4357 XML External Entity Processing Information Disclosure
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, allows a low-privilege attacker to read system files via XML External Entity Processing...