Lucene search
K

9782 matches found

OSV
OSV
added 4 days ago2 views

PYSEC-2026-735 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
OSV
OSV
added 4 days ago3 views

PYSEC-2026-736 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
Nuclei
Nuclei
added 4 days ago27 views

GeoServer - XML External Entity Injection

GeoServer 2.26.0 to 2.26.2 and 2.25.6 contains an XML External Entity XXE injection caused by insufficient sanitization of XML input in /geoserver/wms GetMap operation, letting attackers disclose files or cause DoS, exploit requires crafted XML input. id: CVE-2025-58360 info: name: GeoServer - XM...

9.8CVSS7.5AI score0.66753EPSS
Exploits4References2
NVD
NVD
added 6 days ago5 views

CVE-2026-13449

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

9.1CVSS0.00406EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40389

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS5.8AI score0.00406EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-13449 XXE attack in IBM Business Automation Manager Open Editions

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS0.00406EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-13449

IBM Business Automation Manager Open Editions (versions 9.0.0–9.4.2) are vulnerable to an XML External Entity (XXE) attack when processing XML data, potentially exposing sensitive information or exhausting memory. Root cause: XXE in XML processing. Impact: confidentiality and availability risks a...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-53970

Name of the Vulnerable Software and Affected Versions IBM Business Automation Manager Open Editions versions 9.0.0 through 9.4.2 Description An XML external entity injection XXE occurs when processing XML data. This allows a remote attacker to expose sensitive information or consume memory...

9.1CVSS6AI score0.00406EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-572 weixin-python XML External Entity vulnerability

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name...

9.8CVSS5.4AI score0.00775EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default f...

4.3CVSS6.7AI score0.01109EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 9:31 p.m.9 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

4.8CVSS5.6AI score0.00166EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 9:12 p.m.15 views

CVE-2026-12975

CVE-2026-12975 affects Apicurio Registry. The flaw is in ContentTypeUtil.isParsableXml(), which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs wit...

8.5CVSS5.8AI score0.00244EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 7:15 p.m.10 views

CVE-2026-44020

A flaw was found in docling. An attacker could exploit an XML External Entity XXE vulnerability in the USPTO patent XML parser by crafting malicious XML files. This could allow the attacker to read arbitrary files from the server's filesystem, perform Server-Side Request Forgery SSRF attacks, or...

9.4CVSS5.9AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:30 p.m.5 views

EUVD-2026-39421

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:30 p.m.33 views

CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 6:17 p.m.10 views

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

9.4CVSS0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:45 p.m.30 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/24 5:45 p.m.6 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS6AI score0.00334EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:45 p.m.51 views

CVE-2026-44020

Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...

9.4CVSS6AI score0.00334EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder