953 matches found
CVE-2022-45194
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure...
CVE-2022-24449
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document...
CVE-2022-34832
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component...
CVE-2022-28217
Some part of SAP NetWeaver EP Web Page Composer does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise system's Availability by...
CVE-2020-25215
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document...
CVE-2018-1000840
Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML function that can result in an attacker reading arbitrary files and exfiltrating their contents via HTTP requests. This attack appears to be exploitable via: the victim must use...
CVE-2019-13176
An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF: reading local files, outbound HTTP, and outbound DNS...
CVE-2019-17323
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page...
CVE-2011-3287
Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via...
CVE-2017-14743
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/deviceservice, as demonstrated by reading the admin password...
CVE-2011-3288
Cisco Unified Presence before 8.54 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs...
Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API. bsc1241551 - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. bsc1241453 Patch Instructions: To install this SUSE update use the...
samlify SAML Signature Wrapping attack
A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...
GHSA-R683-V43C-6XQV samlify SAML Signature Wrapping attack
A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...
SUSE-SU-2025:1435-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. bsc1241551 - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. bsc1241453...
CVE-2025-43708
VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set2' is used, aka an "insecure deserialization" issue...
rexml: DoS vulnerability in REXML
A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...
CVE-2025-32415
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...