953 matches found

RedhatCVE
added 2025/02/05 2:27 a.m., 9 views

CVE-2024-42374

BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can retrieve information from the SAP ADS system and exhaust the number of XMLForm service which makes the SAP ADS rendering PDF creation unavailable. This affects...

8.2 CVSS, 6.7 AI score, 0.00609 EPSS
Exploits 0
Positive Technologies
added 2025/01/01 12:00 a.m., 2 views

PT-2025-25520

Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified). Description: A use-after-free issue was found in libxml2, occurring when parsing XPath elements under certain circumstances, specifically when the XML schematron contains the "sch:name path" sche...

9.4 CVSS, 7.2 AI score, 0.02116 EPSS
Exploits 1, References 133
Github Security Blog
added 2024/12/02 8:00 p.m., 27 views

SimpleSAMLphp vulnerable to XXE in parsing SAML messages

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. Original Description Summary When loading an untrusted XML document, fo...

8.8 CVSS, 6.3 AI score, 0.00218 EPSS
Exploits 0, References 4, Affected Software 1
NVD
added 2024/12/02 5:15 p.m., 14 views

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

8.3 CVSS, 0.00183 EPSS
Exploits 0, References 2
Github Security Blog
added 2024/12/02 5:14 p.m., 26 views

SimpleSAMLphp xml-common XXE vulnerability

Summary When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.phpL39 including the DTDLoad option, which allows an attacker to read file contents...

8.8 CVSS, 5.9 AI score, 0.00218 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2024/12/02 5:14 p.m., 13 views

GHSA-2X65-FPCH-2FCM SimpleSAMLphp xml-common XXE vulnerability

Summary When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.phpL39 including the DTDLoad option, which allows an attacker to read file contents...

8.8 CVSS, 7.9 AI score, 0.00218 EPSS
Exploits 0, References 5
Debian CVE
added 2024/12/02 4:18 p.m., 14 views

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

8.3 CVSS, 5.3 AI score, 0.00183 EPSS
Exploits 0
OSV
added 2024/12/02 4:18 p.m., 5 views

CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

8.3 CVSS, 6.5 AI score, 0.00183 EPSS
Exploits 0, References 4
Rockylinux
added 2024/11/19 4:00 p.m., 20 views

expat security update

An update is available for expat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat...

5.9 CVSS, 6.9 AI score, 0.00116 EPSS
Exploits 0
CNNVD
added 2024/09/27 12:00 a.m., 1 view

TopQuadrant TopBraid EDG security vulnerability

TopQuadrant TopBraid EDG is a knowledge graph creation and management tool from TopQuadrant. A security vulnerability exists in TopQuadrant TopBraid EDG versions prior to 8.0.1, which originated from a vulnerability that allows an authenticated attacker to upload an XML DTD file and execute...

5 CVSS, 6.3 AI score, 0.00104 EPSS
Exploits 0, References 3
GithubExploit
added 2024/08/19 7:25 p.m., 212 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5...

9.8 CVSS, 9.9 AI score, 0.94171 EPSS
Exploits 26
GithubExploit
added 2024/08/13 7:33 a.m., 490 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 ★ Thanks to @th3gokul, Sanjaith3hacker, Chocapi...

9.8 CVSS, 8 AI score, 0.94171 EPSS
Exploits 26
OpenVAS
added 2024/08/07 12:00 a.m., 18 views

Huawei EulerOS: Security Advisory for python-reportlab (EulerOS-SA-2024-2075)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.2 AI score, 0.09484 EPSS
Exploits 0, References 2
Tenable Nessus
added 2024/08/06 12:00 a.m., 22 views

EulerOS 2.0 SP5 : python-reportlab (EulerOS-SA-2024-2075)

According to the versions of the python-reportlab package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input i...

9.8 CVSS, 9.1 AI score, 0.09484 EPSS
Exploits 0, References 2
PyPA
added 2024/07/17 8:15 p.m., 4 views

PYSEC-2024-65

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...

5.4 CVSS, 6.4 AI score, 0.00927 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2024/06/17 7:26 a.m., 72 views

BIT-MAGENTO-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8 CVSS, 9.9 AI score, 0.94171 EPSS
Exploits 26, References 2
Veracode
added 2024/06/14 5:45 a.m., 88 views

XML External Entity (XXE) Injection

magento/community-edition is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper handling of XML documents which allows for external entities to be referenced, leading to potential arbitrary code execution. An attacker can exploit this by sending a crafted XML...

9.8 CVSS, 7.4 AI score, 0.94171 EPSS
Exploits 26, References 4, Affected Software 1
OSV
added 2024/06/13 9:31 a.m., 37 views

GHSA-M8CJ-3V68-3CXJ Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8 CVSS, 9.9 AI score, 0.94171 EPSS
Exploits 26, References 9
OSV
added 2024/06/12 9:15 p.m., 2 views

CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...

7.8 CVSS, 5.9 AI score
Exploits 0, References 1
CISA KEV Catalog
added 2024/06/03 12:00 a.m., 29 views

Oracle WebLogic Server OS Command Injection Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document...

7.4 CVSS, 7.6 AI score, 0.94412 EPSS
Exploited in the wild, Exploits 9