CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 days ago•6 views

EUVD-2026-35885

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

CNNVD•added 6 days ago•4 views

VMware Spring REST Docs 代码问题漏洞

VMware Spring REST Docs is a REST API documentation generation framework developed by VMware, Inc. There are code-related vulnerabilities in VMware Spring REST Docs. These vulnerabilities arise when using spring-restdocs-webtestclient or spring-restdocs-restassistant to record remote APIs accesse...

Snyk•added 6 days ago•2 views

XML External Entity (XXE) Injection

Overview org.springframework.ws:spring-xml is a dependency of org.springframework.ws. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the Jaxp13XPathTemplate class in Jaxp13XPathTemplate.java. When XPath expressions are evaluated against StreamSource and...

8.8CVSS5.7AI score0.00386EPSS

Tenable Nessus•added 6 days ago•6 views

Jenkins LTS < 2.555.3 / Jenkins weekly < 2.568 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.555.3 or Jenkins weekly prior to 2.568. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.483 through 2.567 both inclusive, LTS 2.492.1 through...

8.8CVSS5.5AI score0.00368EPSS

Exploits1References9

CNNVD•added 6 days ago•2 views

National Security Agency Ghidra 安全漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 11.2 contained security vulnerabilities. These vulnerabilities were caused by an undefined static initialization...

4CVSS5.4AI score0.0011EPSS

CVE•added last week•7 views

CVE-2026-40991

The CVE-2026-40991 issue affects Spring REST Docs: 4.0.0; 3.0.0–3.0.5; and 2.0.0.RELEASE–2.0.8.RELEASE. When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote HTTP API, an attacker who compromises the API or tricks a user into documenting a malicious API can ...

Vulnrichment•added last week•5 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

RedhatCVE•added last week•7 views

CVE-2026-46490

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.8CVSS5.3AI score0.00321EPSS

Exploits1References1

Cvelist•added last week•29 views

CVE-2026-47960 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS0.0067EPSS

EUVD•added last week•7 views

EUVD-2026-35831

7.4CVSS5.6AI score0.0067EPSS

CVE•added last week•11 views

CVE-2026-47960

CVE-2026-47960 summary ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference (XXE) that could lead to an arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside th...

7.4CVSS5.6AI score0.0067EPSS

Exploits0References1Affected Software1

EUVD•added 2026/06/09 6:30 p.m.•6 views

EUVD-2026-35446

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00253EPSS

NVD•added 2026/06/09 5:17 p.m.•7 views

CVE-2026-45771

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS0.00343EPSS

NVD•added 2026/06/09 4:16 p.m.•6 views

CVE-2026-8045

7.1CVSS0.00253EPSS

Vulnrichment•added 2026/06/09 3:59 p.m.•5 views

CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

5.3CVSS5.4AI score0.00223EPSS

CVE•added 2026/06/09 3:51 p.m.•14 views

CVE-2026-45771

FreeSWITCH (before version 1.11.0) is vulnerable to a Denial-of-Service via its bundled XML parser, which expands nested declarations without a bound, allowing an unauthenticated attacker to drive unbounded CPU/memory usage by sending a crafted SIP PUBLISH PIDF body. The issue arises because the...

7.5CVSS5.4AI score0.00343EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/09 3:51 p.m.•34 views

CVE-2026-45771 Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion

7.5CVSS0.00343EPSS