144 matches found

Cvelist
added 2026/05/27 2:54 a.m. | 25 views

CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities...

CVSS 7.7 | EPSS 0.00032
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 0 views

Astra Linux - vulnerability in netcdf

An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxmlparse functions improperly handle XML entities, resulting in an infinite loop where memory allocation occurs...

CVSS 6.5 | AI score 6.6 | EPSS 0.00405
Exploits: 1 | References: 2

SUSE CVE
added 2026/04/28 1:57 a.m. | 1 views

SUSE CVE-2018-25282

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

CVSS 6.9 | AI score 5.4 | EPSS 0.00017
Exploits: 0 | References: 3

CNNVD
added 2026/04/26 12:0 a.m. | 5 views

Nmap security vulnerability

Nmap is an open-source tool for network discovery and security scanning developed by Nmap. Version 7.70 of Nmap contains a security vulnerability. This vulnerability arises from handling malicious XML files containing exponentially growing entity extensions, which can lead to a denial-of-service...

CVSS 6.9 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2

Cvelist
added 2026/03/19 11:25 a.m. | 17 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct Server-Side Request Forgery (SSRF) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | EPSS 0.00066
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/17 12:0 a.m. | 1 views

PT-2026-25995

Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions 4.0.0-beta.3 through 5.5.5. Description: fast-xml-parser allows users to process XML from JavaScript objects without relying on C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass tha...

CVSS 7.5 | AI score 5.9 | EPSS 0.00032
Exploits: 2 | References: 13

Tenable Nessus
added 2026/03/10 12:0 a.m. | 1 views

Hitachi Energy RTU500 Product Uncontrolled Recursion (CVE-2024-8176)

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

CVSS 7.5 | AI score 6.9 | EPSS 0.00803
Exploits: 0 | References: 3

Snyk
added 2026/02/20 6:23 p.m. | 2 views

Incorrect Regular Expression

Overview: fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries. Affected versions of this package are vulnerable to Incorrect Regular Expression in the entity parsing RegEx in DOCTYPE declarations. An attacker can inject arbitrary values that override built-in XML...

CVSS 9.3 | AI score 6 | EPSS 0.0002
Exploits: 1 | References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m. | 1 views

TencentOS Server 4: expat (TSSA-2025:0629)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0629 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 6.8 | EPSS 0.00803
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-21443

Malware in sbrugna...

CVSS 5.5 | AI score 6 | EPSS 0.00444
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0702

Malware in sbrugna...

CVSS 4.3 | AI score 6.2 | EPSS 0.00285
Exploits: 1 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-4302

Malware in sbrugna...

CVSS 6.5 | AI score 6.3 | EPSS 0.00428
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-6734

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.8 | EPSS 0.00406
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-29397

Malicious code in bioql PyPI...

AI score 6.6
Exploits: 0 | References: 4

RedHat Linux
added 2025/04/15 4:28 p.m. | 4 views

libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

CVSS 7.5 | AI score 7.4 | EPSS 0.00803
Exploits: 0 | References: 6

NVD
added 2025/03/28 2:15 p.m. | 4 views

CVE-2025-1781

There is an XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages...

CVSS 8.4 | EPSS 0.00463
Exploits: 1 | References: 1

NVD
added 2024/11/11 7:15 p.m. | 7 views

CVE-2024-51135

An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

CVSS 9.8 | EPSS 0.00693
Exploits: 0 | References: 4

Cvelist
added 2024/11/11 12:0 a.m. | 14 views

CVE-2024-51135

An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

EPSS 0.00693
Exploits: 0 | References: 4

CVE
added 2024/11/11 12:0 a.m. | 41 views

CVE-2024-51135

CVE-2024-51135 describes an XML External Entity (XXE) vulnerability in the powertac-server component, specifically in DocumentBuilderFactory used by powertac-server v1.9.0. Exploitation could allow an attacker to access sensitive information or execute arbitrary code by supplying crafted XML enti...

CVSS 9.8 | AI score 7.4 | EPSS 0.00693
Exploits: 0 | References: 4

GitHub Security Blog
added 2024/11/05 6:32 p.m. | 24 views

HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

CVSS 9.8 | AI score 7.6 | EPSS 0.07937
Exploits: 1 | References: 5 | Affected Software: 9