CWE-776 vulnerabilities
34 results

CVE-2019-5427 | — | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursi | EPSS 4.9%
CVE-2022-0217 | — | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in pars | EPSS 4.4%
CVE-2024-28757 | HIGH | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityP | EPSS 2.0%
CVE-2020-5227 | MEDIUM | Feedgen Vulnerable to XML Denial of Service Attacks | EPSS 1.6%
CVE-2023-38490 | MEDIUM | Kirby XML External Entity (XXE) vulnerability in the XML data handler | EPSS 1.5%
CVE-2019-5442 | — | XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts | EPSS 1.4%
CVE-2021-32623 | HIGH | Opencast vulnerable to billion laughs attack (XML bomb) | EPSS 1.3%
CVE-2024-43398 | MEDIUM | REXML denial of service vulnerability | EPSS 1.2%
CVE-2024-27141 | MEDIUM | Pre-authenticated Time-Based Blind XXE injection | EPSS 1.1%
CVE-2023-3569 | MEDIUM | PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT | EPSS 1.0%
CVE-2021-1267 | MEDIUM | Cisco Firepower Management Center XML Entity Expansion Vulnerability | EPSS 1.0%
CVE-2023-28118 | HIGH | kaml has potential denial of service while parsing input with anchors and aliases | EPSS 1.0%
CVE-2022-44641 | MEDIUM | In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that caus | EPSS 1.0%
CVE-2024-27142 | MEDIUM | Pre-authenticated XXE injection | EPSS 0.9%
CVE-2024-1455 | MEDIUM | Billion Laughs Attack leading to DoS in langchain-ai/langchain | EPSS 0.8%
CVE-2022-34467 | — | A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Mod | EPSS 0.7%
CVE-2019-19144 | CRITICAL | XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate. | EPSS 0.7%
CVE-2025-5466 | MEDIUM | XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Iva | EPSS 0.6%
CVE-2026-26278 | HIGH | fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit) | EPSS 0.6%
CVE-2026-33036 | HIGH | fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278) | EPSS 0.6%