322 matches found
Fedora 44 : xmlstarlet (2026-dbf44e0b72)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dbf44e0b72 advisory. Fixes XML external entity vulnerability. For more information, refer to . Tenable has extracted the preceding description block directly from the Fedora...
Fedora 43 : xmlstarlet (2026-3c78c99467)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3c78c99467 advisory. Fixes XML external entity vulnerability. For more information, refer to . Tenable has extracted the preceding description block directly from the Fedora...
CVE-2026-49383
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, contained security...
Unity Linux 20.1060e / 20.1070e Security Update: jackson (UTSA-2026-016674)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016674 advisory. A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus...
CVE-2026-20224 Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...
GHSA-3446-6MGW-F79P Grav is Vulnerable to XXE via SVG Upload
Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity XXE injection. Vulnerability Summary | Field | Details | |-------|---------| | Vulnerability Type | XML External...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-6501
The CVE pertains to jOpenDocument 1.5 and is caused by an improper restriction of XML external entity references (XML External Entity, XXE). Affected component: jOpenDocument (version 1.5). Impact details from the record indicate potential data exposure/compromise via external entities, classifie...
CVE-2026-6501
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...
Astra Linux – Vulnerability in libjackson-json-java
A flaw was discovered in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities, similar to CVE-2016-3720, also affect the codehaus jackson-mapper-asl libraries, but in different classes...
Astra Linux – Vulnerabilities in Python 2.7, Python 3.7, and Pypy
A XXE issue was discovered in Python through version 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to prevent XML vulnerabilities...
CVE-2026-6807
GRASSMARLIN v3.2.1 exposes an XML External Entity (XXE) vulnerability. A crafted session data input can trigger improper XML parsing, potentially leaking sensitive information. A public exploit PoC indicates OOB file exfiltration via an external DTD reference, with the attacker able to base64-enc...
CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...
CVE-2026-4374 Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (multiple infrastructure services) allows Serialized Data External Linking, Data Serialization External Entities Blowup.
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector allows Serialized Data External Linking, Data Serialization External Entities Blowup.This issue...
RTI Connext Professional 安全漏洞
RTI Connext Professional is a connectivity platform developed by RTI Corporation in the United States, specifically designed to meet the demanding requirements of Industrial Internet of Things IIoT. RTI Connext Professional has a security vulnerability that stems from improper restrictions on XML...
CVE-2021-27184
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...
CVE-2026-32251 Tolgee has an XXE Injection in Translation Import
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
EUVD-2026-9318
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity XXE vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server...
CVE-2026-1567 IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity XXE vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server...