Lucene search
+L

7711 matches found

CVE
CVE
added 2026/05/26 6:17 p.m.26 views

CVE-2026-3603

The CVE-2026-3603 issue affects IBM Engineering Lifecycle Management – Jazz Foundation components: 7.0.3 (iFix001–iFix021), 7.1.0 (iFix001–iFix009), and 7.2.0 (iFix001–iFix002). A XML external entity (XXE) vulnerability arises when processing XML data, allowing an authenticated attacker to potent...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/25 11:37 p.m.17 views

CVE-2026-40682

A flaw was found in Apache OpenNLP. A remote attacker can exploit this vulnerability by providing a specially crafted dictionary file. This can lead to an XML External Entity XXE injection, which allows for the disclosure of local files or enables server-side request forgery SSRF, where the serve...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/25 5:21 p.m.124 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CosmicSting CVE-2024-34102 Exploit Suite Complete exploit s...

9.8CVSS7.5AI score0.99994EPSS
Exploits26
Snyk
Snyk
added 2026/05/24 8:47 p.m.13 views

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the additionaltables configuration of the page and ttcontent indexers that accept arbitrary table and field names....

5.9CVSS6AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 3:47 p.m.7 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the use of SchemaFactory.newInstance and TransformerFactory.newInstance without applying FEATURESECUREPROCESSING. An attacker can access sensitive files or interact with internal systems by submittin...

6.9CVSS5.9AI score0.00338EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/22 12:17 p.m.22 views

EUVD-2026-31434

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 12:17 p.m.4 views

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.8AI score0.00338EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: quartz (UTSA-2026-016722)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016722 advisory. initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Tenable has extracte...

9.8CVSS6.8AI score0.162EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/20 3:35 p.m.15 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the Crawler::addXmlContent XML parsing logic. An attacker can read arbitrary local files by supplying crafted XML containing external entities, as validateOnParse re-enables DTD processing and...

8.8CVSS6AI score0.00462EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in libpgjava

The PostgreSQL JDBC Driver also known as PgJDBC prior to version 42.2.13 allowed XXE...

7.7CVSS7.4AI score0.04094EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in libxml2

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier, as well as other products, does not provide a direct flag indicating that the current document may be read, but other files may not be opened. This makes it easier for remote attackers to carry out XML External Entity XXE attacks...

5.5CVSS6.8AI score0.02938EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Jackson-Databind

A flaw was discovered in FasterXML Jackson Databind; it does not properly secure entity expansion. This flaw exposes the system to XML external entity XXE attacks. The most significant threat from this vulnerability is data integrity...

7.5CVSS6.8AI score0.17611EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in libjdom1-java, libjdom2-java

A XXE vulnerability exists in SAXBuilder in JDOM through version 2.0.6, allowing attackers to cause a denial of service through a crafted HTTP request...

7.5CVSS6.7AI score0.19442EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/19 1:53 p.m.93 views

py-waf

py-waf Python rever...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/19 9:23 a.m.14 views

CVE-2026-46722 XML External Entity Injection in extension "Faceted Search" (ke_search)

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:23 a.m.30 views

CVE-2026-46722

CVE-2026-46722 affects the file indexer’s OOXML parsing (notably in the Faceted Search extension ke_search). The root cause is that external entity resolution is not disabled, allowing a crafted xlsx or pptx placed in an indexed directory to read local files or trigger outbound HTTP requests, wit...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2026/05/18 2:30 p.m.15 views

TYPO3-EXT-SA-2026-011: XML External Entity Injection in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...

5.9CVSS5.8AI score0.00301EPSS
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.71 views

📄 Lobster_pro Arbitrary File Read / Server-Side Request Forgery

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP...

7.7CVSS6AI score0.0047EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.72 views

📄 4D Server Server-Side Request Forgery / Arbitrary File Read

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP SIGNED...

8.7CVSS6AI score0.00447EPSS
Exploits2
Veracode
Veracode
added 2026/05/16 5:36 a.m.16 views

XML External Entity (XXE) Injection

ome, pom-bio-formats is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure configuration of DocumentBuilderFactory while parsing Leica XML metadata files, which allows an attacker to perform SSRF, access local resources, or trigger denial of service through...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder