CVE-2025-10713

An XML External Entity XXE vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...

WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks

An XML External Entity XXE vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...

EUVD-2020-7076

Malware in sbrugna...

PT-2025-34950 · Sangfor · Iam +2

Name of the Vulnerable Software and Affected Versions: Sangfor Behavior Management System affected versions not specified Description: The Sangfor Behavior Management System also referred to as DC Management System contains an XML external entity XXE injection vulnerability in the /src/sangforind...

Jenkins Plugin Job Configuration History Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

Nokia NetAct 代码问题漏洞

Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...

Nokia NetAct 代码问题漏洞

Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...

HCL Technologies HCL Unica Platform 代码问题漏洞

HCL Technologies HCL Unica Platform is an enterprise automated marketing platform from HCL Technologies India.A security vulnerability exists in versions of HCL Technologies HCL Unica Platform prior to 12.1.1, which stems from an improperly configured XML parser that processing user-supplied inpu...

Excel-Streaming-Reader 代码问题漏洞

Excel-Streaming-Reader is a streaming Excel reader that uses Apache POI. A code issue vulnerability exists in versions of Excel-Streaming-Reader prior to 2.1.0 that stems from the XML parser used by the software missing certain required settings, resulting in XML entity expansion issues...

Cloudbees Jenkins 代码问题漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A security vulnerability exists in...

CloudBees Jenkins Literate Code Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Literate is used in one of the document build...

SAP Hybris Commerce Omni Commerce Connect API Server-Side Request Forgery Vulnerability

SAP Hybris Commerce is a SAP solution for handling high visitor and order volumes in e-commerce, and the Omni Commerce Connect API OCC is one of the full-service connectivity APIs. A server-side request forgery vulnerability exists in OCC in SAP Hybris Commerce version 6. The vulnerability stems...

CVE-2018-2463

The Omni Commerce Connect API OCC of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery SSRF attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...

Server side request forgery (ssrf)

The Omni Commerce Connect API OCC of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery SSRF attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...