Lucene search

48 matches found

Nuclei
added 14 hours ago | 73 views

Apache Solr <= 7.1 - XML Entity Injection

Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

CVSS 9.8 | AI score 7.8 | EPSS 0.91896
Exploits: 11 | References: 5

EUVD
added 2026/01/31 12:30 a.m. | 5 views

EUVD-2025-206567

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns...

CVSS 6.5 | AI score 5.9 | EPSS 0.00387
Exploits: 0 | References: 2

Cvelist
added 2026/01/30 9:18 p.m. | 23 views

CVE-2025-36442 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns...

CVSS 6.5 | EPSS 0.00387
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/30 12:0 a.m. | 7 views

PT-2026-5461

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 12.1.0 through 12.1.3 Description The software may experience a denial of...

CVSS 6.5 | AI score 5.9 | EPSS 0.00387
Exploits: 0 | References: 5

IBM Security Bulletins
added 2026/01/29 3:12 p.m. | 5 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2025-36442)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. Vulnerability Details CVEID:CVE-2025-36442 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denia...

CVSS 7.5 | AI score 5.9 | EPSS 0.00387
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-8728

Malware in sbrugna...

CVSS 4 | AI score 7.2 | EPSS 0.02161
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-8754

Malware in sbrugna...

CVSS 5 | AI score 6.2 | EPSS 0.01256
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-42503

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.00782
Exploits: 0 | References: 3

CNNVD
added 2025/09/09 12:0 a.m. | 3 views

Adobe Experience Manager Security Vulnerability

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An XML entity injection vulnerability exists in Adobe Experienc...

CVSS 4.3 | AI score 7.3 | EPSS 0.01609
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 4 views

Malicious code in xml-query-minify-error-lambda (npm)

The package xml-query-minify-error-lambda was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 4 views

MAL-2025-39878 Malicious code in xml-query-minify-error-lambda (npm)

The package xml-query-minify-error-lambda was found to contain malicious code...

AI score 7.2
Exploits: 0

BDU FSTEC
added 2025/06/13 12:0 a.m. | 5 views

The vulnerabilities of the DBMS_XMLGEN and DBMS_XMLQUERY functions of the XWiki Platform, a platform for creating collaborative web applications. This allows attackers to execute arbitrary code.

The vulnerability of the DBMS_XMLGEN and DBMS_XMLQUERY functions of the XWiki Platform for creating collaborative web applications is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending...

CVSS 10 | AI score 6.1 | EPSS 0.00431
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2025/06/12 12:0 a.m. | 2 views

XWiki Platform Injection Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. An SQL injection vulnerability exists in XWiki Platform that stems from the query validator not cleaning up functions such as DBMS_XMLGEN or DBMS_XMLQUERY, which could lead to an SQL injection...

CVSS 9.8 | AI score 7.5 | EPSS 0.00431
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 5:17 a.m. | 5 views

CVE-2023-38728

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258...

CVSS 7.5 | AI score 6.6 | EPSS 0.00782
Exploits: 0 | References: 1

IBM Security Bulletins
added 2023/11/29 3:16 p.m. | 44 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement (CVE-2023-38728)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement. Vulnerability Details CVEID:CVE-2023-38728 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to denial of service with a specially crafted XML query statemen...

CVSS 7.5 | AI score 6.5 | EPSS 0.00782
Exploits: 0 | Affected Software: 1

OSV
added 2023/10/16 10:15 p.m. | 3 views

CVE-2023-38728

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258...

CVSS 7.5 | AI score 7.2 | EPSS 0.00782
Exploits: 0 | References: 4

Prion
added 2023/10/16 10:15 p.m. | 17 views

Design/Logic Flaw

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258...

CVSS 5 | AI score 7.3 | EPSS 0.00782
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2023/10/16 9:27 p.m. | 93 views

CVE-2023-38728

CVE-2023-38728 affects IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5. Description: denial of service via a specially crafted XML query statement. Classified with a base CVSS about MEDIUM–HIGH depending on vector, and IBM X-Force ID 262258. Connected sources indic...

CVSS 7.5 | AI score 6 | EPSS 0.00782
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/10/16 9:27 p.m. | 12 views

CVE-2023-38728 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258...

CVSS 5.3 | AI score 7.3 | EPSS 0.00782
Exploits: 0 | References: 3

F5 Networks
added 2023/02/21 8:0 p.m. | 106 views

K10631153: Apache Solr vulnerability CVE-2017-12629

Security Advisory Description Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to...

CVSS 9.8 | AI score 9 | EPSS 0.91896
Exploits: 11