2717 matches found

Snyk
added 2025/11/28 4:41 a.m., 2 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process. An attacker can access sensitive files by submitting specially crafted XML data containing external entities. Details: XXE Injection is a type of attack against an applicatio...

CVSS: 2.8, AI score: 7.4, EPSS: 0.00011
Exploits: 0, References: 2
OSV
added 2025/11/26 12:0 a.m., 4 views

ALSA-2025:22175 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375). For more details about the security issues, including the impact, a CVSS score,...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00102
Exploits: 1, References: 4
OSV
added 2025/11/11 12:0 a.m., 3 views

ALSA-2025:21030 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375). For more details about the security issues, including the impact, a CVSS score,...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00102
Exploits: 1, References: 4
Cvelist
added 2025/11/05 5:18 p.m., 6 views

CVE-2025-10713 XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...

CVSS: 6.5, EPSS: 0.00082
Exploits: 0, References: 1
CVE
added 2025/11/05 5:18 p.m., 21 views

CVE-2025-10713

CVE-2025-10713 is an XML External Entity (XXE) vulnerability affecting multiple WSO2 products due to improper XML parser configuration. The issue allows an attacker to read sensitive server files or cause DoS via unrestrained external entities. Documented impact: remote, unauthenticated access wi...

CVSS: 9.1, AI score: 6.5, EPSS: 0.00082
Exploits: 0, References: 1, Affected Software: 8
Positive Technologies
added 2025/11/05 12:0 a.m., 4 views

PT-2025-45144

Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: An issue exists where the XML parser is improperly configured. The application processes user-provided XML data without adequate restrictions, potentially allowing the resolution of...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00082
Exploits: 0, References: 5
EUVD
added 2025/10/29 3:31 p.m., 3 views

EUVD-2025-36649

Jenkins JDepend Plugin vulnerable to XML external entity attacks...

CVSS: 7.1, AI score: 6.5, EPSS: 0.0003
Exploits: 0, References: 3
RedhatCVE
added 2025/10/29 2:8 p.m., 2 views

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, AI score: 6.9, EPSS: 0.0004
Exploits: 1, References: 1
RedhatCVE
added 2025/10/29 2:8 p.m., 3 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, AI score: 7, EPSS: 0.00034
Exploits: 1, References: 1
Cvelist
added 2025/10/29 1:29 p.m., 4 views

CVE-2025-64134

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...

EPSS: 0.0003
Exploits: 0, References: 1
OSV
added 2025/10/28 2:15 p.m., 1 view

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00034
Exploits: 1, References: 2
NVD
added 2025/10/28 2:15 p.m., 2 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, EPSS: 0.00034
Exploits: 1, References: 2
Vulnrichment
added 2025/10/28 1:45 p.m., 1 view

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00034
Exploits: 1, References: 1
CVE
added 2025/10/28 1:45 p.m., 6 views

CVE-2025-53855

The CVE-2025-53855 entry refers to an out-of-bounds write in the XML parser of GCC Productions Inc. Fade In 4.2.0. Talos confirms a vulnerability in Fade In’s XML parsing logic where the software can access memory via a missing/negated index, causing an out-of-bounds write and memory corruption. ...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00034
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2025/10/28 1:45 p.m., 1 view

EUVD-2025-36500

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00034
Exploits: 1, References: 2
Cvelist
added 2025/10/28 1:45 p.m., 5 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, EPSS: 0.00034
Exploits: 1, References: 1
Cvelist
added 2025/10/28 1:45 p.m., 4 views

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, EPSS: 0.0004
Exploits: 1, References: 1
EUVD
added 2025/10/28 1:45 p.m., 0 views

EUVD-2025-36501

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, AI score: 6.5, EPSS: 0.0004
Exploits: 1, References: 2
Vulnrichment
added 2025/10/28 1:45 p.m., 1 view

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVSS: 7.8, AI score: 6.7, EPSS: 0.0004
Exploits: 1, References: 1
CVE
added 2025/10/28 1:45 p.m., 10 views

CVE-2025-53814

CVE-2025-53814 affects GCC Productions Inc. Fade In 4.2.0. Cisco Talos details a use-after-free in Fade In's XML parser that can lead to heap-based memory corruption when processing a crafted .xml file. The TALOS-2025-2252 advisory confirms a heap corruption path via the XML parsing logic, with e...

CVSS: 7.8, AI score: 6.7, EPSS: 0.0004
Exploits: 1, References: 2, Affected Software: 1