EUVD-2026-38188

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Missing XML Validation CVE-2026-1190

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-1190 DESCRIPTION: A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup...

Astra Linux - уязвимость в chromium

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

BIT-JAVA-MIN-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

Missing XML Validation vulnerability in Apache Struts Dependency in Bamboo Data Center

This High severity Missing XML Validation vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0 and 10.2.0 of Bamboo Data Center. This Missing XML Validation vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N allows an plugin vendor ...

Security Bulletin: Remediation of Multiple Apache Struts Vulnerabilities in IBM Library Support for Struts

Summary Multiple Apache Struts vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2025-68493 DESCRIPTION: Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache...

EUVD-2026-8811

fast-xml-parser has stack overflow in XMLBuilder with preserveOrder...

K000160014: Apache Struts vulnerability CVE-2025-68493

Security Advisory Description Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. CVE-2025-68493 Impact...

CVE-2026-25128

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-rang...

MiracleLinux 8 : java-11-openjdk-11.0.8.10-0.el8 (AXSA:2020-547:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-547:07 advisory. OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access Libraries, 8238920 CVE-2020-14583 OpenJDK: Incomplete bounds checks in Affine...

Missing XML Validation

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Missing XML Validation of the NotOnOrAfter timestamp in SubjectConfirmationData when SAML is configured to ac...

GHSA-QCFC-HMRC-59X7 Apache Struts 2 is Missing XML Validation

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

Apache Struts 2 is Missing XML Validation

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

CVE-2025-68493

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

CVE-2025-68493

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

Missing XML Validation

Overview org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language. Affected versions of this package are vulnerable to Missing XML Validation. An attacker can access sensitive information or cause a denial of service by...

CVE-2025-68493 Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

CVE-2021-27617

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise...

PT-2026-1915

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 6.1.0 Description The issue is a missing XML validation check in Apache Struts, allowing for XML External Entity XXE attacks. This flaw resides in the XWork component and can be exploited by attackers to re...