Lucene search
K

7673 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.5AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.12 views

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.4AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

6.5CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-3603

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit thi...

7.1CVSS5.5AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS5.4AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.20 views

PT-2026-46121

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.74.0 Description The USPTO patent XML parser uses the xml.sax.parseString function without protection against XML External Entity XXE attacks. This allows an attacker to use malicious XML files with external entity...

7.5CVSS5.9AI score0.00334EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46120

Name of the Vulnerable Software and Affected Versions Docling versions 2.45.0 through 2.90.0 Description The METS-GBS backend's XML parsing and input document format detection lack security controls. This allows for XML External Entity XXE attacks, which occur when an XML parser improperly handle...

7.1CVSS5.8AI score0.00113EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/06/01 9:25 a.m.99 views

bastion-waf-simulator

BASTION — Web Application Firewall Simulator A real-time We...

6AI score
Exploits0
NVD
NVD
added 2026/05/29 7:16 p.m.17 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:15 p.m.38 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS0.00109EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 6:15 p.m.14 views

EUVD-2026-33391

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.8AI score0.00109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 6:15 p.m.14 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.8AI score0.00109EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:15 p.m.14 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.8AI score0.00109EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 6:15 p.m.61 views

CVE-2026-49383

JetBrains IntelliJ IDEA prior to 2026.1 has a low-severity issue in the UI Designer form parser (xXE) that is locally exploitable with user interaction required. The CVSS 3.1 vector indicates Local access, Low complexity, no privileges, with Confidentiality impact Low and no impact on Integrity/A...

3.3CVSS5.8AI score0.00109EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

JetBrains IntelliJ IDEA 代码问题漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2026.1 contained code vulnerabilities due to XML external entity injections in the UI Designer form parser...

3.3CVSS5.9AI score0.00109EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 2:10 p.m.10 views

USN-8324-1 tika vulnerabilities

It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers...

9.8CVSS6AI score0.79807EPSS
Exploits6References3
EUVD
EUVD
added 2026/05/27 2:54 a.m.14 views

EUVD-2026-32047

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:54 a.m.27 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/26 7:16 p.m.15 views

CVE-2026-3603

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit...

7.1CVSS0.00354EPSS
Exploits0References1
Rows per page
Query Builder