53632 matches found
CVE-2026-48614
An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...
CVE-2026-48614
The CVE-2026-48614 vector affects the Plesk XML API. An improper authorization flaw allows an authenticated user to inject arbitrary configuration directives, enabling arbitrary file writes as root and full privilege escalation on the underlying server. The available sources describe the impact a...
BIT-TOMCAT-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...
OESA-2026-2857 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a poli...
PT-2026-56081
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...
PT-2026-55960
An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...
Linux Distros Unpatched Vulnerability : CVE-2018-25282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the PatternParser process. An attacker can access sensitive files or interact with internal systems by submitting crafted XML data that triggers external entity resolution. Details XXE Injection is ...
CVE-2026-47898
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...
EUVD-2026-41517
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...
CVE-2026-47898
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...
PT-2026-55505
Name of the Vulnerable Software and Affected Versions Apache Lucene.Net.Analysis.Common versions 4.8.0-beta00005 through 4.8.0-beta00017 Description Improper Restriction of XML External Entity Reference XXE in the Lucene.Net.Analysis.Common library, specifically within the PatternParser. XXE is a...
Notepad++ 8.9.6.2 < 8.9.6.4 TOCTOU Race Condition (CVE-2026-52885)
The version of Notepad++ installed on the remote host is 8.9.6.2 or 8.9.6.3. It is, therefore, affected by a TOCTOU race condition vulnerability: - A time-of-check time-of-use TOCTOU race condition exists in the HMAC verification of shortcuts.xml. The HMAC check validates the on-disk file at...
CVE-2026-44941
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...
CVE-2026-44941 libzypp path traversal via "keyhint" in repomd.xml
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...
PYSEC-2026-740 Improper Restriction of XML External Entity Reference in trytond and proteus
An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...
PYSEC-2026-741 XML Entity Expansion in trytond and proteus
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
PYSEC-2026-735 Improper Restriction of XML External Entity Reference in Plone
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...
PYSEC-2026-736 Improper Restriction of XML External Entity Reference in Plone
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...