
143 matches found

Nuclei
added 6 days ago · 71 views

Apache Solr <= 7.1 - XML Entity Injection

Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8 CVSS · 7.7 AI score · 0.93891 EPSS
Exploits 11 · References 5
Nuclei
added last week · 53 views

Apache OFBiz - XML External Entity Injection

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

7.5 CVSS · 7.2 AI score · 0.92188 EPSS
Exploits 0
Positive Technologies
added 2026/02/11 12:0 a.m. · 2 views

PT-2026-7979

CVE-2026-26041 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2026-26041 Published : Feb. 11, 2026, 5:16 a.m. | 2 hours, 4 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits 0 · References 1
Positive Technologies
added 2026/01/02 12:0 a.m. · 1 views

PT-2026-1173

CVE-2025-34137 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2025-34137 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for...

6.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/12/23 12:0 a.m. · 0 views

PT-2025-53396

CVE-2023-5092 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2023-5092 Published : Dec. 23, 2025, 2:16 p.m. | 42 minutes ago Description : Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant. Severity: 0.0 | NA Visit the link for more details...

6.7 AI score
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-0726

Malware in sbrugna...

4.9 CVSS · 5 AI score · 0.00108 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-13403

Malware in sbrugna...

6.5 CVSS · 6.6 AI score · 0.005 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2016-5906

Malware in sbrugna...

6.5 CVSS · 7 AI score · 0.00269 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-6172

Malicious code in bioql PyPI...

6.9 CVSS · 6.6 AI score · 0.0013 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-24231

Malicious code in bioql PyPI...

5.3 CVSS · 7.5 AI score · 0.04941 EPSS
Exploits 5 · References 5
CNNVD
added 2025/09/09 12:0 a.m. · 1 views

Adobe Experience Manager Security Vulnerability

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An XML entity injection vulnerability exists in Adobe Experienc...

4.3 CVSS · 7.3 AI score · 0.09423 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/20 11:42 p.m. · 5 views

CVE-2025-54988

An XML External Entity injection flaw was found in the Apache Tika tika-parser-pdf-module. This vulnerability allows an attacker to provide a crafted XFA file within a PDF, read sensitive data, or trigger malicious requests to internal resources or third-party servers. Mitigation Mitigation for...

9.8 CVSS · 6.2 AI score · 0.0002 EPSS
Exploits 4 · References 4
CNNVD
added 2025/08/05 12:0 a.m. · 2 views

Adobe Experience Manager Code Issue Vulnerability

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. Adobe Experience Manager suffers from an XML entity injection...

8.6 CVSS · 8.5 AI score · 0.00985 EPSS
Exploits 2 · References 2
Positive Technologies
added 2025/05/28 12:0 a.m. · 2 views

PT-2025-23132 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns an XML Entity Injection. No further details are available about the issue, including the number of potentially affected devices or real-world incidents. Recommendations: A...

6.5 AI score
Exploits 0 · References 2
CNVD
added 2025/05/27 12:0 a.m. · 1 views

XML Entity Injection Vulnerability in UFIDA U8Cloud at UFIDA Network Technologies Co.

UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. An XML entity injection vulnerability exists in UFIDA U8Cloud, which can be exploited by attackers to obtain sensitive information...

7.1 AI score
Exploits 0
RedhatCVE
added 2025/05/22 10:1 a.m. · 5 views

CVE-2019-8126

An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external...

4.9 CVSS · 6.7 AI score · 0.00108 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/05/13 12:0 a.m. · 1 views

PT-2025-20898 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an XML Entity Injection vulnerability. No specific details about affected devices, real-world incidents, or technical exploitation details such as API endpoint...

6.6 AI score
Exploits 0 · References 2
RedhatCVE
added 2025/03/07 3:44 p.m. · 2 views

CVE-2025-24521

External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...

6.9 CVSS · 7.6 AI score · 0.0013 EPSS
Exploits 0 · References 1
NVD
added 2025/03/05 4:15 p.m. · 3 views

CVE-2025-24521

External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...

6.9 CVSS · 0.0013 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/03/05 3:17 p.m. · 3 views

CVE-2025-24521 Keysight Ixia Vision Product Family Improper Restriction of XML External Entity Reference

External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...

6.9 CVSS · 7.7 AI score · 0.0013 EPSS
Exploits 0 · References 4