CVE-2023-7307

Sangfor Behavior Management System also referred to as DC Management System in Chinese-language documentation contains an XML external entity XXE injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...

Linux Distros Unpatched Vulnerability : CVE-2022-28890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 a...

PT-2025-34950 · Sangfor · Iam +2

Name of the Vulnerable Software and Affected Versions: Sangfor Behavior Management System affected versions not specified Description: The Sangfor Behavior Management System also referred to as DC Management System contains an XML external entity XXE injection vulnerability in the /src/sangforind...

Linux Distros Unpatched Vulnerability : CVE-2017-8315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the...

Linux Distros Unpatched Vulnerability : CVE-2023-27476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib'...

XML External Entity (XXE) Injection

Allure is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper XML parser configuration due to insecure settings in the xunit-xml-plugin that allow external entity expansion when processing .xml test result files...

TencentOS Server 3: expat (TSSA-2022:0042)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0042 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Prototype Pollution due to fast-xml-parser ( CVE-2023-26920 )

Summary fast-xml-parser is used by IBM Cloud Pak for Data. CVE-2023-26920. Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the tag or attribu...

OESA-2025-1537 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVE-2024-25129

The CodeQL CLI repo holds binaries for the CodeQL command line interface CLI. Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

CVE-2023-26461

SAP NetWeaver allows SAP Enterprise Portal - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view...

CVE-2023-26920

fast-xml-parser before 4.1.2 allows proto for Prototype Pollution...

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-28680

Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-28685

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-28681

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-28682

Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-43430

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...