Lucene search
K

13 matches found

CVE
CVE
added 2026/06/24 5:45 p.m.60 views

CVE-2026-44020

Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...

9.4CVSS6AI score0.00334EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.34 views

CVE-2026-57303

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...

0.00224EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/15 7:20 a.m.11 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

5.9CVSS5.3AI score0.00223EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/08 9:35 p.m.3 views

CVE-2026-42212 SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-16727

Malware in sbrugna...

7.5CVSS7.4AI score0.0406EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/09/19 2:54 p.m.10 views

CVE-2023-3892 Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this docume...

5.6CVSS7AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2018/11/26 2:0 a.m.49 views

CVE-2018-19531

HTTL (Hyper-Text Template Language) 1.0.11 and earlier is vulnerable to remote command execution due to unsafe use of java.beans.XMLEncoder in decodeXml when xml.codec is not configured. This is documented across multiple sources (NVD entry CVE-2018-19531, Veracode note, and OSV/CVE references). ...

9.8CVSS9.6AI score0.04587EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/05/19 5:29 p.m.29 views

CVE-2018-4942

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure...

7.5CVSS7.2AI score0.0406EPSS
Exploits0References2
Prion
Prion
added 2018/05/19 5:29 p.m.29 views

Xxe

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure...

5CVSS7.5AI score0.0406EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2018/05/19 5:0 p.m.10 views

CVE-2018-4942

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure...

7.2AI score0.0406EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/04/12 12:0 a.m.90 views

Adobe ColdFusion Multiple Vulnerabilities (APSB18-14)

Adobe ColdFusion is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:coldfusion";...

10CVSS7AI score0.63304EPSS
Exploits1References3
OSV
OSV
added 2017/08/05 3:29 p.m.5 views

CVE-2017-12439

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xmlpath HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated...

7.5CVSS5.2AI score0.00639EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/08/05 3:0 p.m.26 views

CVE-2017-12439

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xmlpath HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated...

7.6AI score0.00639EPSS
Exploits1References1
Rows per page
Query Builder