38 matches found
CVE-2026-32776
libexpat prior to 2.7.5 contains a NULL pointer dereference in the handling of empty external parameter entity content during XML parsing. Affected component: expat XML parser in versions before 2.7.5. Root cause: NULL pointer dereference inside external parameter entity processing. Impact per CV...
CVE-2026-32776
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...
CVE-2026-32776
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...
CVE-2026-32776
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...
libexpat 代码问题漏洞
libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.7.5 had code vulnerabilities; these vulnerabilities stemmed from allowing null pointer dereferencing when handling empty external parameter entity content...
MedDream PACS Premium existingUser reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2257 MedDream PACS Premium existingUser reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54778 SUMMARY A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium...
PT-2026-25630
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.7.5 Description The software contains a flaw where a NULL pointer dereference can occur when processing empty external parameter entity content. Recommendations Update to version 2.7.5 or later...
SUSE CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...
RESTEasy: XXE via parameter entities
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...
RESTEasy: XXE via parameter entities
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...
MGASA-2014-0547 Updated resteasy package fix CVE-2014-3490
Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...
OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...
OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...
OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...
OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...
RESTEasy: XXE via parameter entities
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...
RESTEasy: XXE via parameter entities
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...
CentOS 7 : resteasy-base (CESA-2014:1011)
Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...