
9774 matches found

NVD
added 2026/06/23 1:16 p.m. | 13 views

CVE-2026-56701

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads...

CVSS 7.1 | EPSS 0.00233
Exploits: 0 | References: 2

Cvelist
added 2026/06/23 12:13 p.m. | 34 views

CVE-2026-56701 Grav - XML External Entity Injection via SVG Upload

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads...

CVSS 7.1 | EPSS 0.00233
Exploits: 0 | References: 2

EUVD
added 2026/06/23 12:13 p.m. | 7 views

EUVD-2026-38442

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads...

CVSS 7.1 | AI score 6 | EPSS 0.00233
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/23 12:13 p.m. | 5 views

CVE-2026-56701

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads...

CVSS 7.1 | AI score 6 | EPSS 0.00233
Exploits: 0 | References: 3

CVE
added 2026/06/23 12:13 p.m. | 13 views

CVE-2026-56701

Grav under 2.0.0-beta.2 is affected by an XML External Entity (XXE) vulnerability in SVG file upload handling. The issue arises because the application uses simplexml_load_string without disabling external entity loading, allowing authenticated attackers to inject XXE payloads via SVG files to ex...

CVSS 7.1 | AI score 6 | EPSS 0.00233
Exploits: 0 | References: 2

NVD
added 2026/06/21 9:16 a.m. | 11 views

CVE-2026-12788

A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

CVSS 6.5 | EPSS 0.00237
Exploits: 0 | References: 5

ATTACKERKB
added 2026/06/21 7:45 a.m. | 5 views

CVE-2026-12788

A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

CVSS 6.5 | AI score 5.5 | EPSS 0.00237
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/06/21 7:45 a.m. | 32 views

CVE-2026-12788 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 XML Parser import xml external entity reference

A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

CVSS 6.5 | EPSS 0.00237
Exploits: 0 | References: 5

CVE
added 2026/06/21 7:45 a.m. | 21 views

CVE-2026-12788

CVE-2026-12788 affects zhilink 智互联(深圳)科技有限公司's ADP Application Developer Platform 1.0.0. A vulnerability exists in the XML Parser component, specifically in the file /adpweb/a/base/barcodeDetail/import, allowing an XML External Entity (XXE) reference. The issue could be triggered remotely, and the...

CVSS 6.5 | AI score 6.2 | EPSS 0.00237
Exploits: 0 | References: 5

Snyk
added 2026/06/19 4:36 p.m. | 4 views

XML External Entity (XXE) Injection

Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection in the Nokogiri::XML::Schema when the NONET parse option is not correctly enforced on JRuby. An attacker can access external network resources b...

CVSS 8.3 | AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 4

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerabilities in Python 2.7, Python 3.7, and Pypy

An XXE issue was discovered in Python through version 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to prevent XML vulnerabilities...

CVSS 9.8 | AI score 7.3 | EPSS 0.04268
Exploits: 3 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in libxml2

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier, as well as other products, does not provide a direct flag indicating that the current document may be read, but other files may not be opened. This makes it easier for remote attackers to carry out XML External Entity (XXE) attacks...

CVSS 5.5 | AI score 6.8 | EPSS 0.02938
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Jackson-Databind

A flaw was discovered in FasterXML Jackson Databind; it does not properly secure entity expansion. This flaw exposes the system to XML external entity (XXE) attacks. The most significant threat from this vulnerability is data integrity...

CVSS 7.5 | AI score 6.8 | EPSS 0.17611
Exploits: 0 | References: 1

NVD
added 2026/06/18 8:16 p.m. | 15 views

CVE-2026-48981

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile with flags=0 when loading the configuration file, allowing libxml2 to process external entity references (XXE), potentially making outbound network connections or...

CVSS 6.7 | EPSS 0.00115
Exploits: 0 | References: 2

Cvelist
added 2026/06/18 6:55 p.m. | 16 views

CVE-2026-48981 pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile with flags=0 when loading the configuration file, allowing libxml2 to process external entity references (XXE), potentially making outbound network connections or...

CVSS 6.7 | EPSS 0.00115
Exploits: 0 | References: 2

CVE
added 2026/06/18 6:55 p.m. | 18 views

CVE-2026-48981

The CVE-2026-48981 issue affects pam_usb for Linux, where in versions prior to 0.9.2 the module loads its configuration via xmlReadFile() with flags=0. This allows libxml2 to process external entity references (XXE) during XML parsing, potentially causing outbound network connections or local fil...

CVSS 6.7 | AI score 5.4 | EPSS 0.00115
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/18 12:0 a.m. | 15 views

PT-2026-50782

Name of the Vulnerable Software and Affected Versions: pam_usb versions prior to 0.9.2. Description: pam_usb provides hardware authentication for Linux using removable media. The software calls the xmlReadFile function with flags=0 when loading the configuration file, which allows libxml2 to process...

CVSS 6.7 | AI score 5.8 | EPSS 0.00115
Exploits: 0 | References: 9

Snyk
added 2026/06/17 6:47 p.m. | 4 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection through the saxonTransform function that uses unhardened net.sf.saxon.TransformerFactoryImpl method. An attacker can access sensitive local files or trigger arbitrary HTTPS requests from the host by...

CVSS 8.9 | AI score 6.1
Exploits: 0 | References: 2

Veracode
added 2026/06/16 9:35 a.m. | 9 views

XML External Entity (XXE) Injection

Spring Web Services is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to Jaxp13XPathTemplate using a code path for StreamSource and SAXSource inputs that parses attacker-controlled XML with the default DocumentBuilderFactory configuration instead of Spring's hardened XM...

CVSS 8.2 | AI score 5.4 | EPSS 0.00352
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2026/06/15 7:20 a.m. | 9 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

CVSS 5.9 | AI score 5.3 | EPSS 0.00223
Exploits: 0 | References: 2 | Affected Software: 1