Total: 1239 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-47960 | 1 Adobe | 1 Coldfusion | 2026-06-15 | N/A | 7.4 HIGH |
| ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | |||||
| CVE-2026-40998 | | | 2026-06-11 | N/A | 8.2 HIGH |
| Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted XML payloads could therefore be exposed to XML External Entity (XXE) style attacks. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8. | |||||
| CVE-2026-40991 | | | 2026-06-10 | N/A | 5.9 MEDIUM |
| When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next executed. Affected versions: Spring REST Docs 4.0.0; 3.0.0 through 3.0.5; 2.0.0.RELEASE through 2.0.8.RELEASE. | |||||
| CVE-2026-8045 | | | 2026-06-09 | N/A | N/A |
| CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints. | |||||
| CVE-2026-3603 | 1 Ibm | 1 Engineering Lifecycle Management | 2026-06-02 | N/A | 7.1 HIGH |
| IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 are vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
| CVE-2026-49383 | 1 Jetbrains | 1 Intellij Idea | 2026-06-01 | N/A | 3.3 LOW |
| In JetBrains IntelliJ IDEA before 2026.1, XXE in the UI Designer form parser was possible. | |||||
| CVE-2026-2253 | | | 2026-05-27 | N/A | 7.7 HIGH |
| Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities. | |||||
| CVE-2026-4980 | 1 Inkscape | 1 Inkscape | 2026-05-26 | N/A | 6.3 MEDIUM |
| A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags. | |||||
| CVE-2026-44618 | 1 Apache | 1 Cxf | 2026-05-22 | N/A | 5.3 MEDIUM |
| Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue. | |||||
| CVE-2026-28809 | 4 Arekinath, Dropbox, Handnot2 and 1 more | 4 Esaml, Esaml, Esaml and 1 more | 2026-05-22 | N/A | 5.3 MEDIUM |
| XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages. This issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled. | |||||
| CVE-2026-46722 | | | 2026-05-19 | N/A | N/A |
| The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index. | |||||
| CVE-2026-39053 | | | 2026-05-18 | N/A | 6.5 MEDIUM |
| Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML(...) or ViewXmlUtils.fromXML(...), unsafe XML processing can lead to file disclosure or SSRF. | |||||
| CVE-2024-39847 | 1 4d | 1 Server | 2026-05-17 | N/A | 7.5 HIGH |
| Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. | |||||
| CVE-2024-13971 | 1 Lobster-world | 1 Lobster Pro | 2026-05-17 | N/A | 7.5 HIGH |
| Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. | |||||
| CVE-2026-44445 | 1 Frappe | 1 Erpnext | 2026-05-14 | N/A | 6.5 MEDIUM |
| ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive configuration files. This vulnerability is fixed in 15.104.3 and 16.12.0. | |||||
| CVE-2026-41895 | 1 Webtechnologies | 1 Changedetection | 2026-05-13 | N/A | 7.5 HIGH |
| changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...). | |||||
| CVE-2026-42212 | | | 2026-05-12 | N/A | N/A |
| SolidCAM-GPPL-IDE is an unofficial, independently developed Postprocessor IDE extension for SolidCAM. From version 1.0.0 to before version 1.0.2, opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory (naming convention: foo.gpp to foo.vmid). The VMID parser called XDocument.Load(path) without any XmlReaderSettings, inheriting the framework defaults, which in .NET 8 allow DTD processing. A malicious .vmid file could therefore disclose local files via external entity references, exhaust memory via recursive entity expansion, and cause denial of service via oversized or deeply nested XML. This issue has been patched in version 1.0.2. | |||||
| CVE-2023-42346 | | | 2026-05-11 | N/A | 7.5 HIGH |
| Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host. | |||||
| CVE-2023-42344 | | | 2026-05-08 | N/A | 7.3 HIGH |
| Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet. | |||||
| CVE-2026-26171 | 3 Apple, Linux, Microsoft | 5 Macos, Linux Kernel, .net and 2 more | 2026-05-07 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | |||||
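
Nearly every entry above is the same mistake in a different parser: untrusted XML is handed to a parser whose defaults still honour `<!ENTITY ... SYSTEM "...">` declarations (the JDK's default DocumentBuilderFactory behind Spring's Jaxp13XPathTemplate, lxml's `etree.XMLParser` in changedetection.io, `XDocument.Load` without `XmlReaderSettings` in .NET 8, xmerl on Erlang/OTP before 27). The script below is an added illustration of that mechanism and its fix using only Python's standard library; it is not code from any of the listed projects. Python's `xml.sax` has disabled external general entities by default since 3.7.1, so the vulnerable configuration is reproduced by switching that feature back on. The secret file, the payload, and the names `parse_text`, `xxe_payload`, `DoctypeRejecter` and `run_demo` are all constructed for this example.

```python
"""XXE in a stdlib XML parser: vulnerable configuration beside the hardened one.

Added example, not code from changedetection.io or any other project listed
above. All names and the sample secret are constructed for illustration.
"""
import io
import os
import tempfile
import xml.sax
from pathlib import Path
from xml.sax.handler import (ContentHandler, feature_external_ges,
                             property_lexical_handler)


class TextCollector(ContentHandler):
    """Concatenates all character data, including text expanded from entities."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts)


class DoctypeRejecter:
    """Lexical handler that aborts the parse as soon as a <!DOCTYPE> appears.

    Refusing DTDs outright blocks every entity-based attack (external entities,
    parameter entities, entity-expansion DoS) regardless of other parser features.
    The four no-op methods are required because the SAX driver wires all of them.
    """

    def startDTD(self, name, public_id, system_id):
        raise ValueError(f"DOCTYPE not allowed (root={name!r}, system_id={system_id!r})")

    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


def xxe_payload(file_uri):
    """Constructed attacker document: an external general entity pointing at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE data [<!ENTITY xxe SYSTEM "{file_uri}">]>\n'
        "<data>&xxe;</data>"
    ).encode()


def parse_text(xml_bytes, allow_external_entities=False, reject_dtd=False):
    """Parse XML and return the root element's text.

    allow_external_entities=True reproduces the vulnerable configuration (the
    pre-3.7.1 Python default and the equivalent of the JDK / lxml / .NET defaults
    cited in the advisories). reject_dtd=True is the hardened form.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, allow_external_entities)
    if reject_dtd:
        parser.setProperty(property_lexical_handler, DoctypeRejecter())
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text


def run_demo():
    """Plant a constructed secret file, parse the payload three ways, report what leaked."""
    secret = "s3cr3t-token-12345"  # constructed stand-in for /etc/passwd or a mounted k8s secret
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write(secret)
        path = f.name
    try:
        payload = xxe_payload(Path(path).as_uri())  # file:///... exactly as a real payload would
        results = {
            "vulnerable": parse_text(payload, allow_external_entities=True),
            "default": parse_text(payload),  # entity silently expands to nothing
        }
        try:
            parse_text(payload, reject_dtd=True)
            results["hardened"] = "parsed (unexpected)"
        except ValueError as exc:
            results["hardened"] = f"rejected: {exc}"
        results["leaked"] = results["vulnerable"] == secret
        return results
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:>10}: {value}")
```

The "default" case shows why a missing entity is not a safe signal: the reference is dropped silently, so an application that only checks for parse errors cannot tell an attack was attempted. Rejecting the DOCTYPE is the configuration to reach for when the schema never legitimately needs one, which is the case for SAML, SOAP bodies, OOXML parts and RSS feeds alike.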
