220 matches found
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016636)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016636 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parse...
Astra Linux - уязвимость в libjdom1-java, libjdom2-java
A XXE vulnerability exists in SAXBuilder in JDOM through version 2.0.6, allowing attackers to cause a denial of service through a crafted HTTP request...
BIT-JRE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
PT-2026-38831
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
BIT-JAVA-MIN-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
BIT-JAVA-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
PT-2026-37810
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
PT-2026-38017
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
SUSE CVE-2026-40682
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
XML External Entity (XXE) Injection
Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a...
EUVD-2026-27003
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
CVE-2026-40682
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
XML Entity Expansion (Billion Laughs)
Overview Affected versions of this package are vulnerable to XML Entity Expansion Billion Laughs when parsing of custom XML entities in DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references. Workaround F...
XML Entity Expansion (Billion Laughs)
Overview Affected versions of this package are vulnerable to XML Entity Expansion Billion Laughs when parsing of custom XML entities in DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references. Workaround F...
EUVD-2014-3600
Malware in sbrugna...
EUVD-2024-38822
Malicious code in bioql PyPI...
EUVD-2022-4455
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-33813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CVE-2021-33813 Note that Nessus relie...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the ManifestParser and AmazonS3 classes which use a SAXParser to parse XML files without properly configuring it to disable external entity processing. An attacker can access sensitive information o...
K000151254: libxml2 vulnerability CVE-2024-40896
Security Advisory Description In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible. CVE-2024-40896...