Lucene search
K

9801 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.5AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.12 views

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.4AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

6.5CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-3603

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit thi...

7.1CVSS5.5AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-20224

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

8.6CVSS5.7AI score0.00696EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40882

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...

7.6CVSS5.4AI score0.00249EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.9 views

CVE-2024-8010

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

7.5CVSS5.5AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.11 views

CVE-2024-2374

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...

9.1CVSS5.4AI score0.00377EPSS
Exploits0References1
OSV
OSV
added 2026/06/03 9:14 p.m.7 views

GHSA-M88R-RG27-5XFG Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...

7.5CVSS6AI score0.00334EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/03 9:14 p.m.19 views

Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...

9.4CVSS6AI score0.00334EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/03 9:13 p.m.11 views

XML External Entity Injection

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML External Entity Injection in the METS-GBS backend's XML parsing and...

7.1CVSS5.5AI score0.00113EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.8 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.20 views

PT-2026-46121

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.74.0 Description The USPTO patent XML parser uses the xml.sax.parseString function without protection against XML External Entity XXE attacks. This allows an attacker to use malicious XML files with external entity...

7.5CVSS5.9AI score0.00334EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46120

Name of the Vulnerable Software and Affected Versions Docling versions 2.45.0 through 2.90.0 Description The METS-GBS backend's XML parsing and input document format detection lack security controls. This allows for XML External Entity XXE attacks, which occur when an XML parser improperly handle...

7.1CVSS5.8AI score0.00113EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/06/01 9:25 a.m.99 views

bastion-waf-simulator

BASTION — Web Application Firewall Simulator A real-time We...

6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:2 p.m.17 views

Malicious code in ethers-hash (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d77270819f9736bb8e5eaba898605cbe713dfaf9b06c2ad539aa29f77651aba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 p.m.17 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:15 p.m.38 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS0.00109EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 6:15 p.m.14 views

EUVD-2026-33391

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.8AI score0.00109EPSS
Exploits0References1
Rows per page
Query Builder