Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-57259 |
|
XXE (XML External Entity) in CVE-2026-57259 (CVE-2026-57259)
vulnerability in CVE-2026-57259 (CVE-2026-57259). Confidential information can be exposed externally.
|
| CVE-2026-47898 |
|
XXE (XML External Entity) in csharp (CVE-2026-47898)
vulnerability in csharp (CVE-2026-47898). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13449 |
|
XXE (XML External Entity) in ibm (CVE-2026-13449)
vulnerability in ibm (CVE-2026-13449). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12975 |
|
XXE (XML External Entity) in ssrf (CVE-2026-12975)
vulnerability in ssrf (CVE-2026-12975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57234 |
|
Vulnerability in ssrf (CVE-2026-57234)
vulnerability in ssrf (CVE-2026-57234). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
|
| CVE-2026-56701 |
|
XXE (XML External Entity) in CVE-2026-56701 (CVE-2026-56701)
vulnerability in CVE-2026-56701 (CVE-2026-56701). Confidential information can be exposed externally.
|
| CVE-2026-6653 |
|
Use-After-Free in CVE-2026-6653 (CVE-2026-6653)
vulnerability in CVE-2026-6653 (CVE-2026-6653). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12788 |
|
Vulnerability in CVE-2026-12788 (CVE-2026-12788)
vulnerability in CVE-2026-12788 (CVE-2026-12788). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48981 |
|
XXE (XML External Entity) in CVE-2026-48981 (CVE-2026-48981)
vulnerability in CVE-2026-48981 (CVE-2026-48981). Confidential information can be exposed externally.
|
| CVE-2026-55471 |
|
XXE (XML External Entity) in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471). Risk of unauthorized operations or information disclosure. Exploitable via `GET /evil-fhir-xslt-ssrf.dtd`. Mitigation: upgrade to `6.9.10` or later.
|
| CVE-2025-58175 |
|
Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175). Confidential information can be exposed externally. Exploitable via ``ENTITY_RESOLUTION_ALLOWLIST``. Mitigation: upgrade to `2.27.3` or later.
|
| CVE-2026-49875 |
|
XXE (XML External Entity) in apache (CVE-2026-49875)
vulnerability in apache (CVE-2026-49875). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40998 |
|
XXE (XML External Entity) in CVE-2026-40998 (CVE-2026-40998)
vulnerability in CVE-2026-40998 (CVE-2026-40998). Confidential information can be exposed externally.
|
| CVE-2026-40991 |
|
XXE (XML External Entity) in CVE-2026-40991 (CVE-2026-40991)
vulnerability in CVE-2026-40991 (CVE-2026-40991). Confidential information can be exposed externally.
|
| CVE-2026-47960 |
|
XXE (XML External Entity) in adobe (CVE-2026-47960)
vulnerability in adobe (CVE-2026-47960). Confidential information can be exposed externally.
|
| CVE-2026-8045 |
|
XXE (XML External Entity) in schneider-electric (CVE-2026-8045)
vulnerability in schneider-electric (CVE-2026-8045). Confidential information can be exposed externally.
|
| CVE-2026-44020 |
|
Vulnerability in docling (CVE-2026-44020)
vulnerability in docling (CVE-2026-44020). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.74.0` or later.
|
| CVE-2026-44018 |
|
Vulnerability in docling (CVE-2026-44018)
vulnerability in docling (CVE-2026-44018). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-49383 |
|
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
|
| CVE-2026-2253 |
|
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
|
| CVE-2026-3603 |
|
XXE (XML External Entity) in ibm (CVE-2026-3603)
vulnerability in ibm (CVE-2026-3603). Confidential information can be exposed externally.
|
| CVE-2026-46722 |
|
XXE (XML External Entity) in tpwd/ke_search (CVE-2026-46722)
vulnerability in tpwd/ke_search (CVE-2026-46722). Risk of unauthorized operations or information disclosure. Exploitable via ``ke_search``. Mitigation: upgrade to `4.6.7` or later.
|
| CVE-2026-39053 |
|
XXE (XML External Entity) in ssrf (CVE-2026-39053)
vulnerability in ssrf (CVE-2026-39053). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44445 |
|
XXE (XML External Entity) in frappe (CVE-2026-44445)
vulnerability in frappe (CVE-2026-44445). Confidential information can be exposed externally. Mitigation: upgrade to `15.104.3` or later.
|
| CVE-2026-42212 |
|
Vulnerability in csharp (CVE-2026-42212)
vulnerability in csharp (CVE-2026-42212). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26171 |
|
Vulnerability in dotnet (CVE-2026-26171)
vulnerability in dotnet (CVE-2026-26171). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2023-42344 |
|
XXE (XML External Entity) in org.opencms:opencms-core (CVE-2023-42344)
vulnerability in org.opencms:opencms-core (CVE-2023-42344). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.1` or later.
|
| CVE-2023-42346 |
|
Vulnerability in CVE-2023-42346 (CVE-2023-42346)
vulnerability in CVE-2023-42346 (CVE-2023-42346). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-21282 |
|
XXE (XML External Entity) in java (CVE-2022-21282)
vulnerability in java (CVE-2022-21282). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.331, 8.0.321, 11.0.14, 17.0.2` or later.
|
| CVE-2026-41895 |
|
XXE (XML External Entity) in changedetection.io (CVE-2026-41895)
vulnerability in changedetection.io (CVE-2026-41895). Confidential information can be exposed externally. Exploitable via ``XXE``.
|
| CVE-2026-40682 |
|
XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2025-14543 |
|
XXE (XML External Entity) in rti (CVE-2025-14543)
vulnerability in rti (CVE-2025-14543). Confidential information can be exposed externally.
|
| CVE-2024-13971 |
|
XXE (XML External Entity) in lobster-world (CVE-2024-13971)
vulnerability in lobster-world (CVE-2024-13971). Confidential information can be exposed externally.
|
| CVE-2024-39847 |
|
XXE (XML External Entity) in 4d (CVE-2024-39847)
vulnerability in 4d (CVE-2024-39847). Confidential information can be exposed externally.
|
| CVE-2026-22016 |
|
Information Disclosure in c (CVE-2026-22016)
vulnerability in c (CVE-2026-22016). Confidential information can be exposed externally.
|
| CVE-2026-4374 |
|
XXE (XML External Entity) in rti (CVE-2026-4374)
vulnerability in rti (CVE-2026-4374). Confidential information can be exposed externally.
|
| CVE-2026-4980 |
|
XXE (XML External Entity) in inkscape (CVE-2026-4980)
vulnerability in inkscape (CVE-2026-4980). Confidential information can be exposed externally.
|
| CVE-2026-28809 |
|
XXE (XML External Entity) in esaml (CVE-2026-28809)
vulnerability in esaml (CVE-2026-28809). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68493 |
|
XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
|
| CVE-2025-68463 |
|
XXE (XML External Entity) in CVE-2025-68463 (CVE-2025-68463)
vulnerability in CVE-2025-68463 (CVE-2025-68463). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-58360 KEV |
|
[KEV] XXE (XML External Entity) in Osgeo geoserver (CVE-2025-58360)
vulnerability in Osgeo geoserver (CVE-2025-58360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61821 |
|
XXE (XML External Entity) in adobe (CVE-2025-61821)
vulnerability in adobe (CVE-2025-61821). Confidential information can be exposed externally.
|
| CVE-2025-61813 |
|
XXE (XML External Entity) in adobe (CVE-2025-61813)
vulnerability in adobe (CVE-2025-61813). Confidential information can be exposed externally.
|
| CVE-2025-2775 KEV |
|
[KEV] XXE (XML External Entity) in sysaid (CVE-2025-2775)
vulnerability in sysaid (CVE-2025-2775). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2776 KEV |
|
[KEV] XXE (XML External Entity) in sysaid (CVE-2025-2776)
vulnerability in sysaid (CVE-2025-2776). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-52162 |
|
XXE (XML External Entity) in CVE-2025-52162 (CVE-2025-52162)
vulnerability in CVE-2025-52162 (CVE-2025-52162). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-55875 |
|
Information Disclosure in org.http4k:http4k-format-xml (CVE-2024-55875)
vulnerability in org.http4k:http4k-format-xml (CVE-2024-55875). Successful exploitation can lead to full system takeover. Exploitable via ``DocumentBuilderFactory``. Mitigation: upgrade to `6.50.0.0` or later.
|
| CVE-2023-45727 KEV |
|
[KEV] XXE (XML External Entity) in North grid north-grid (CVE-2023-45727)
vulnerability in North grid north-grid (CVE-2023-45727). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-7098 |
|
XXE (XML External Entity) in sfs (CVE-2024-7098)
vulnerability in sfs (CVE-2024-7098). Successful exploitation can lead to full system takeover.
|
| CVE-2024-45490 |
|
Vulnerability in c (CVE-2024-45490)
vulnerability in c (CVE-2024-45490). Risk of unauthorized operations or information disclosure.
|