CVE-2021-38555

An XML external entity XXE injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of...

CVE-2021-42537

VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output...

CVE-2021-39239

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

CVE-2021-38566

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes...

CVE-2011-1757

DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...

GNU PSPP 安全漏洞

GNU PSPP is an application for data sampling, statistics and analysis from the American GNU community. GNU PSPP suffers from a heap buffer overflow vulnerability. The vulnerability stems from the failure of the inflateread function called indirectly by spvreadxmlmember in zip-reader.c to properly...

RLSA-2024:2987 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...

RHEL 8 : xmlrpc-c (RHSA-2025:4048)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4048 advisory. XML-RPC is a remote procedure call RPC protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a...

USN-7424-1: Expat vulnerability

It was discovered that Expat could crash due to stack overflow when processing XML documents with deeply nested entity references. If a user or automated system were tricked into processing specially crafted XML input, an attacker could use this issue to cause a denial of service...

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : Expat vulnerability (USN-7424-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7424-1 advisory. It was discovered that Expat could crash due to stack overflow when processing XML documents with deeply nested entity references. If a user o...

CVE-2025-30348

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data...

CLSA-2025-1739961336 libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free vulnerability in xmlXIncludeAddNode...

CVE-2025-24928

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...

CVE-2024-54171

IBM EntireX 11.1 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

PT-2025-5869 · Ibm · Ibm Entirex

Name of the Vulnerable Software and Affected Versions: IBM EntireX version 11.1 Description: The issue is related to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this to expose sensitive information or consume memory resources...

CVE-2024-1892

A Regular Expression Denial of Service ReDoS vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

PT-2025-42963

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25 Oracle GraalVM for JDK versions 17.0.16 and 21.0.8 Oracle GraalVM Enterprise Edition version 21.3.15 Description An issue exists in the Oracle Java SE, Oracle GraalVM for...

IBM WebSphere Application Server 安全漏洞

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere...

CVE-2024-45072

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources...