Lucene search
+L

1539 matches found

Nuclei
Nuclei
added 12 hours ago14 views

VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

9.1CVSS7.8AI score0.08019EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago15 views

Citrix StoreFront Server - XML External Entity

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 3.12.4000, and 7.6 LTSR before CU8 3.0.8000 allows XXE attacks. id: CVE-2019-13608 info: name: Citrix StoreFront Server - XML External Entity author: daffainfo severity: high description: | Citrix StoreFront Server before 1903, 7.15 LTSR...

7.5CVSS7.2AI score0.30041EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday23 views

GeoServer WFS - XXE Processing Vulnerability

GeoServer Web Feature Service WFS is vulnerable to an XML External Entity XXE processing attack due to improper handling of XML input. This vulnerability allows attackers to perform Out-of-Band OOB data exfiltration and Server-Side Request Forgery SSRF by exploiting the GeoTools library. id:...

9.9CVSS7AI score0.50825EPSS
Exploits1References6
NVD
NVD
added 3 days ago4 views

CVE-2026-48359

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS0.00534EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-48359 Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS6.5AI score0.00534EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 7:47 a.m.52 views

CVE-2026-47898 Apache Lucene.Net: XXE vulnerability in Lucene.Net.Analysis.Common PatternParser

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

4CVSS0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-736 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:32 p.m.9 views

CVE-2026-13449

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS5.8AI score0.00406EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/30 10:4 a.m.4 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-13449 DESCRIPTION: IBM Business Automation Manager Open Editions is vulnerable t...

9.1CVSS5.8AI score0.00406EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/29 8:28 a.m.3 views

OPENSUSE-SU-2026:21169-1 Security update for python-biopython

This update for python-biopython fixes the following issues: Changes in python-biopython: - CVE-2025-68463: Fixed a information disclosure caused by a XXE vulnerability boo1255465...

4.9CVSS5.8AI score0.00293EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/28 7:28 a.m.70 views

ubilling-multi-vuln-cve

GitHub Security Advisory: Ubilling — Multiple Critical Vulnera...

6.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57303

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...

7.1CVSS5.9AI score0.00224EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.10 views

CVE-2026-49875

A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...

9.8CVSS5AI score0.00527EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 8:33 p.m.8 views

CVE-2026-47960 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS5.6AI score0.00406EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.20 views

PT-2026-46101

Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...

7.5CVSS6AI score
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 8:2 p.m.20 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack

Summary XML external entity injection XXE vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2026-3603 DESCRIPTION: IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001...

7.1CVSS5.7AI score0.00354EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/05/26 6:17 p.m.24 views

CVE-2026-3603

The CVE-2026-3603 issue affects IBM Engineering Lifecycle Management – Jazz Foundation components: 7.0.3 (iFix001–iFix021), 7.1.0 (iFix001–iFix009), and 7.2.0 (iFix001–iFix002). A XML external entity (XXE) vulnerability arises when processing XML data, allowing an authenticated attacker to potent...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 12:17 p.m.19 views

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.7AI score0.00338EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...

4.3CVSS6.7AI score0.01109EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

Unity Linux 20.1060e / 20.1070e Security Update: jdom2 (UTSA-2026-016676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016676 advisory. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. Tenable has extracted the preceding...

7.5CVSS6.8AI score0.19442EPSS
Exploits1References4
Rows per page
Query Builder