Lucene search
K

7677 matches found

CVE
CVE
added 4 days ago10 views

CVE-2026-57259

Technical details about CVE-2026-57259 are not publicly available in the provided documents; no product/version/root-cause information is present here. Monitor for updates.

6.5CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software2
Nuclei
Nuclei
added 4 days ago329 views

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...

8.3CVSS7.3AI score0.94721EPSS
Exploits1References2
OSV
OSV
added 5 days ago4 views

PYSEC-2026-1515 Langchain Community Vulnerable to XML External Entity (XXE) Attacks

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity XXE attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which can lead to sensitive informati...

7.5CVSS7AI score0.01531EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/03 9:17 a.m.4 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the PatternParser process. An attacker can access sensitive files or interact with internal systems by submitting crafted XML data that triggers external entity resolution. Details XXE Injection is ...

9.8CVSS6AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 8:16 a.m.5 views

CVE-2026-47898

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

9.8CVSS0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 7:47 a.m.9 views

EUVD-2026-41517

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

4CVSS5.9AI score0.00328EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:47 a.m.10 views

CVE-2026-47898

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

4CVSS5.9AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55505

Name of the Vulnerable Software and Affected Versions Apache Lucene.Net.Analysis.Common versions 4.8.0-beta00005 through 4.8.0-beta00017 Description Improper Restriction of XML External Entity Reference XXE in the Lucene.Net.Analysis.Common library, specifically within the PatternParser. XXE is a...

9.8CVSS6AI score0.00328EPSS
Exploits0References9
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-740 Improper Restriction of XML External Entity Reference in trytond and proteus

An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...

6.5CVSS6.1AI score0.01374EPSS
Exploits1References10
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-735 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-736 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/30 7:32 p.m.34 views

CVE-2026-13449 XXE attack in IBM Business Automation Manager Open Editions

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS0.00406EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:32 p.m.6 views

EUVD-2026-40389

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS5.8AI score0.00406EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default f...

4.3CVSS6.7AI score0.01109EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 9:31 p.m.9 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

4.8CVSS5.6AI score0.00166EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 2:30 p.m.34 views

CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:30 p.m.5 views

EUVD-2026-39421

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/24 5:45 p.m.6 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS6AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57303

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...

0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38784

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...

7.1CVSS5.9AI score0.00224EPSS
Exploits0References1
Rows per page
Query Builder