86 matches found
at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), au.com.acegi:xml-format-maven-plugin (>=4.0.1 <=4.1.0) +1991 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=4.0.0 <=4.0.2)
org.codehaus.plexus:plexus-utils MAVEN version =4.0.0, =9.1.1, =4.0.1, =0.0.1, =0.0.9, =0.4.0, =0.0.0, =1.9.2, =1.0.0-M5, =1.0.0-M6, =1.0.0-M1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =1.0.0-M10 and more Source cves: CVE-2025-67030 Source advisory: OSV:GHSA-6FMV-XXPF-W3CW...
CVE-2025-14232
Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02...
CVE-2023-45612
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE...
CLSA-2025-1764677738 lasso: Fix of CVE-2025-47151
CVE-2025-47151: fix type confusion vulnerability in the lassonodeimplinitfromxml functionality...
EUVD-2022-4166
Malicious code in bioql PyPI...
EUVD-2022-7060
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-25614
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service SIGSEGV at...
CVE-2022-45133
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload...
CVE-2024-6961
RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
GHSA-V62G-JWJ9-RFVX XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...
CVE-2023-48362
CVE-2023-48362 describes an XXE vulnerability in the XML Format Plugin of Apache Drill. The issue affects Drill 1.19.0 and later, enabling an attacker to read arbitrary files on a remote file system or execute commands through a crafted XML file. The documented remediation is to upgrade to Apache...
CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...
PT-2024-13606 · Apache · Apache Drill
Name of the Vulnerable Software and Affected Versions: Apache Drill versions 1.19.0 through 1.21.1 Description: The issue allows a user to read any file on a remote file system or execute commands via a malicious XML file. This is due to an XXE vulnerability in the XML Format Plugin...
CVE-2024-38374
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
XML External Entity (XXE)
org.cyclonedx:cyclonedx-core-java is vulnerable to XML External Entity (XXE) injection. The vulnerability is caused by improper configuration of the DocumentBuilderFactory used to evaluate XPath expressions to determine the schema version of the BOM before deserializing CycloneDX Bill of Materials in XML...
ALPINE-CVE-2024-34459
An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...
CVE-2023-45612
CVE-2023-45612 affects JetBrains Ktor with the ContentNegotiation XML format enabled in versions before 2.3.5. The root cause is an insecure default XML configuration that allows external entity processing, enabling XXE. Exploitation can lead to file disclosure (e.g., reading server files) and SS...