Lucene search

53351 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in Jackson-Databind

A flaw was discovered in FasterXML Jackson Databind; it does not properly secure entity expansion. This flaw exposes the system to XML external entity (XXE) attacks. The most significant threat from this vulnerability is data integrity...

7.5 CVSS | 6.8 AI score | 0.17611 EPSS
Exploits 0 | References 1

Debian
added 2026/05/03 3:1 p.m. | 4 views

[SECURITY] [DSA 6246-1] openjdk-25 security update

Debian Security Advisory DSA-6246-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2026 https://www.debian.org/security/faq -...

7.5 CVSS | 7.2 AI score | 0.00358 EPSS
Exploits 0

GithubExploit
added 2026/05/03 1:27 p.m. | 68 views

WebPentestKit2

🛡️ WebPentestKit2 Advanced Web Application Exploitatio...

6.2 AI score
Exploits 0

Positive Technologies
added 2026/05/02 12:0 a.m. | 4 views

PT-2026-36636

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description The ExtensionLoader.instantiateExtensionClass, String function loads a class by its fully-qualified name using Class.forName and invokes its no-arg...

9.8 CVSS | 6.1 AI score | 0.00693 EPSS
Exploits 0 | References 10

Positive Technologies
added 2026/05/02 12:0 a.m. | 15 views

PT-2026-36635

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description The DictionaryEntryPersistor class initializes a static SAXParserFactory without enabling FEATURE_SECURE_PROCESSING or disabling DTD processing. When...

9.1 CVSS | 5.8 AI score | 0.00403 EPSS
Exploits 0 | References 8

NVD
added 2026/05/01 3:16 p.m. | 1 views

CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

7.5 CVSS | 0.00348 EPSS
Exploits 0 | References 3

CVE
added 2026/05/01 2:47 p.m. | 13 views

CVE-2026-43507

Prosody contains a denial-of-service vulnerability (CVE-2026-43507) due to memory exhaustion from XML parsing resource amplification over unauthenticated connections. Affected versions are Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. The underlying issue is in XML parsing that ca...

7.5 CVSS | 5.8 AI score | 0.00348 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/05/01 2:47 p.m. | 23 views

CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

5.3 CVSS | 0.00348 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/05/01 2:47 p.m. | 1 views

CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

5.3 CVSS | 5.8 AI score | 0.00348 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/05/01 2:47 p.m. | 1 views

CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

7.5 CVSS | 5.8 AI score | 0.00348 EPSS
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2026/05/01 12:0 a.m. | 6 views

Prosody Security Vulnerability

Prosody is an instant messaging server software from Prosody Open Source. A security vulnerability exists in Prosody versions prior to 0.12.6, 1.0.0 through 13.0.0, and prior to 13.0.5, which stems from an amplified XML parsing resource over an unauthenticated connection that could result in a...

7.5 CVSS | 5.8 AI score | 0.00348 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2026/05/01 12:0 a.m. | 5 views

n8n Node.js Package < 1.123.32 / 2.x < 2.17.4 / 2.18.x < 2.18.1 XML Node Prototype Pollution RCE (GHSA-hqr4-h3xv-9m3r)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.32, 2.x prior to 2.17.4, or 2.18.x prior to 2.18.1. It is, therefore, affected by a remote code execution vulnerability: - An authorized user with workflow creation or modification capabilities can exploit...

9.4 CVSS | 6.4 AI score | 0.00478 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/05/01 12:0 a.m. | 5 views

Wireshark 2.2.x < 2.2.12 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.12. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.12 advisory. - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could...

7.5 CVSS | 6.9 AI score | 0.03116 EPSS
Exploits 0 | References 13

NVD
added 2026/04/30 6:16 p.m. | 2 views

CVE-2026-36765

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

8.8 CVSS | 0.00334 EPSS
Exploits 0 | References 2

NVD
added 2026/04/30 4:16 p.m. | 4 views

CVE-2025-14543

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Core Libraries allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from...

9.1 CVSS | 0.00205 EPSS
Exploits 0 | References 1

EUVD
added 2026/04/30 4:9 p.m. | 0 views

EUVD-2022-55964

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7 CVSS | 5.8 AI score | 0.00705 EPSS
Exploits 0 | References 6

CVE
added 2026/04/30 3:25 p.m. | 6 views

CVE-2025-14543

CVE-2025-14543 affects Connext Professional (Core Libraries) with an XML External Entity Reference (XXE) vulnerability that enables Serialized Data External Linking. The issue is described as an improper restriction of external entities. Affected versions include: from 7.4.0 up to but not includi...

9.1 CVSS | 5.2 AI score | 0.00205 EPSS
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/04/30 3:25 p.m. | 2 views

CVE-2025-14543

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional Core Libraries allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3....

8.8 CVSS | 5.2 AI score | 0.00205 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/04/30 3:25 p.m. | 29 views

CVE-2025-14543 Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Core Libraries allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from...

8.8 CVSS | 0.00205 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/04/30 3:25 p.m. | 3 views

CVE-2025-14543 Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Core Libraries allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from...

8.8 CVSS | 5.2 AI score | 0.00205 EPSS
Exploits 0 | References 1