19 matches found
Unity Linux 20.1070e Security Update: quartz (UTSA-2026-016722)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016722 advisory. initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Tenable has extracte...
CVE-2025-68463
Biopython (Bio.Entrez) up to version 1.86 is affected by CVE-2025-68463, an XML external entity (XXE) vulnerability in Bio.Entrez that can arise from processing untrusted Doctype declarations. Affected component/file: Bio.Entrez in Biopython; root cause: improper handling of external entities lea...
EUVD-2014-3027
Malware in sbrugna...
CVE-2025-36603
Dell AppSync, versions 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering...
CVE-2025-5877 Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...
CVE-2022-3338
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...
CVE-2020-26066
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML...
IBM Security Access Manager Container code issue vulnerability
IBM Security Access Manager is a product for information security management applications from International Business Machines (IBM). The product enables access management control through integrated appliances for web, mobile and cloud computing. An XML external entity injection vulnerability exist...
CVE-2023-46265
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF)...
GHSA-6HVG-62Q8-95V7 svg_optimizer rubygem external XML entity (XXE) vulnerability
An issue in Fnando svgoptimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content...
External XML entity (XXE) vulnerability in svg_optimizer rubygem
An issue in Fnando svgoptimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content...
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
CVE-2021-36172
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file...
DEBIAN-CVE-2021-23926
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...
Engel & Völkers Technology GmbH: XXE on www.publish.engelvoelkers.com
Summary: An XML External Entities vulnerability has been found on www.publish.engelvoelkers.com:8443. Initially a GET request was made to /dp/services and that returned a 500 Error with some XML data. Changing the HTTP request method to POST with some XML data produced a different response, so it...
CVE-2018-13823
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information...
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks...
CVE-2018-1000056
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
DEBIAN-CVE-2014-3529
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...