1539 matches found
VMWare Cloud Foundation NSX-V - XML External Entity (XXE)
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...
Citrix StoreFront Server - XML External Entity
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 3.12.4000, and 7.6 LTSR before CU8 3.0.8000 allows XXE attacks. id: CVE-2019-13608 info: name: Citrix StoreFront Server - XML External Entity author: daffainfo severity: high description: | Citrix StoreFront Server before 1903, 7.15 LTSR...
GeoServer WFS - XXE Processing Vulnerability
GeoServer Web Feature Service WFS is vulnerable to an XML External Entity XXE processing attack due to improper handling of XML input. This vulnerability allows attackers to perform Out-of-Band OOB data exfiltration and Server-Side Request Forgery SSRF by exploiting the GeoTools library. id:...
CVE-2026-48359
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...
CVE-2026-48359 Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...
CVE-2026-47898 Apache Lucene.Net: XXE vulnerability in Lucene.Net.Analysis.Common PatternParser
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...
PYSEC-2026-736 Improper Restriction of XML External Entity Reference in Plone
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...
CVE-2026-13449
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-13449 DESCRIPTION: IBM Business Automation Manager Open Editions is vulnerable t...
OPENSUSE-SU-2026:21169-1 Security update for python-biopython
This update for python-biopython fixes the following issues: Changes in python-biopython: - CVE-2025-68463: Fixed a information disclosure caused by a XXE vulnerability boo1255465...
ubilling-multi-vuln-cve
GitHub Security Advisory: Ubilling — Multiple Critical Vulnera...
CVE-2026-57303
Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...
CVE-2026-49875
A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...
CVE-2026-47960 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...
PT-2026-46101
Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack
Summary XML external entity injection XXE vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2026-3603 DESCRIPTION: IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001...
CVE-2026-3603
The CVE-2026-3603 issue affects IBM Engineering Lifecycle Management – Jazz Foundation components: 7.0.3 (iFix001–iFix021), 7.1.0 (iFix001–iFix009), and 7.2.0 (iFix001–iFix002). A XML external entity (XXE) vulnerability arises when processing XML data, allowing an authenticated attacker to potent...
CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...
Unity Linux 20.1060e / 20.1070e Security Update: jdom2 (UTSA-2026-016676)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016676 advisory. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. Tenable has extracted the preceding...