CVE-2026-20029

Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) have an XML External Entity (XXE) processing vulnerability in the licensing feature. The flaw arises from improper XML parsing in the web-based management interface, allowing an authenticated admin to upload a...

EUVD-2018-16727

Malware in sbrugna...

EUVD-2024-43993

Malicious code in bioql PyPI...

CVE-2025-57704

Delta Electronics EIP Builder v1.11 is affected by a XML External Entity (XXE) processing vulnerability due to improper handling of XML entities during file parsing, causing information disclosure. The issue is described as a local, low-complexity vulnerability with user interaction required, pot...

CVE-2023-32567

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236...

Typo3 Arbitrary file upload and XML External Entity processing

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, inlcuding server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible information disclosure, placeme...

RHEL 6 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...

Neos Flow Arbitrary file upload and XML External Entity processing

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, inlcuding server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible information disclosure, placeme...

CVE-2024-4357 XML External Entity Processing Information Disclosure

An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing...

CVE-2024-4357

Progress Telerik Report Server (versions 10.0.24.305 and earlier, i.e., 2024 Q1) suffers an XML External Entity Processing (XXE) information-disclosure vulnerability in the ValidateMetadaUri path. A low-privilege attacker could read system files; an authenticated context is required but may be by...

RHEL 6 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...

RHEL 7 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...

CVE-2023-40507

LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific...

CVE-2023-51601 Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...

CVE-2023-51601 Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...

CVE-2023-51600 Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...

CVE-2023-40506

LG Simple Editor is affected by a XXE-based information disclosure in the copyContent command. The flaw arises from improper restriction of XML External Entity references, allowing a crafted document to cause the XML parser to fetch a URI and embed its contents back into the document (SYSTEM cont...

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

CVE-2023-32567

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236...

VBASE VISAM Automation Base VBASE-Editor GestureConfigurations File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...