7676 matches found
Vulnerabilities in Adobe ColdFusion
Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 2023.19, 2025.8, and earlier versions. These vulnerabilities include improper input validation, which allows arbitrary code to be executed without user interaction. There is also a path traversal vulnerability that enables...
CVE-2026-40998 Jaxp13 XPath XXE via StreamSource and SAXSource
Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted...
EUVD-2026-36208
Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted...
VMware Spring Web Services 代码问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...
CVE-2026-47960
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...
EUVD-2026-35885
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...
XML External Entity (XXE) Injection
Overview org.springframework.ws:spring-xml is a dependency of org.springframework.ws. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the Jaxp13XPathTemplate class in Jaxp13XPathTemplate.java. When XPath expressions are evaluated against StreamSource and...
CVE-2026-40998: Jaxp13 XPath XXE via StreamSource and SAXSource
Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK’s default DocumentBuilderFactory behavior instead of Spring’s hardened parser configuration. Applications that evaluate XPath against untrusted...
CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...
CVE-2026-47960 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...
EUVD-2026-35831
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...
CVE-2026-47960
CVE-2026-47960 summary ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference (XXE) that could lead to an arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside th...
EUVD-2026-35446
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...
CVE-2026-8045
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...
CVE-2026-8045
CVE-2026-8045 describes a CWE-611 XML External Entity (XXE) vulnerability in a SOAP service endpoint that can disclose server-side file contents when a crafted XML payload is submitted by a Data Center Expert user. The affected behavior involves parsing user-supplied XML leading to information di...
CVE-2026-8045
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...
PT-2026-48275
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An Improper Restriction of XML External Entity Reference XXE allows arbitrary file system read. This issue enables an attacker to access sensitive files...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improperly configured XML parsing in the PrettyPrintingContentModifier and XmlContentHandler classes, in PrettyPrintingContentModifier.java and payload/XmlContentHandler.java. When the...
PT-2026-48306
Name of the Vulnerable Software and Affected Versions Spring REST Docs version 4.0.0 Spring REST Docs versions 3.0.0 through 3.0.5 Spring REST Docs versions 2.0.0.RELEASE through 2.0.8.RELEASE Description An XXE XML External Entity injection attack can occur when using spring-restdocs-webtestclie...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...