Falhas do tipo CWE-91
72 resultadosCVE-2026-47273MEDIUMpam_usb: XPath injection via PAM-supplied identifiers in pam_usb configuration queriesEPSS 0.3%CVE-2022-20729MEDIUMCisco Firepower Threat Defense Software XML Injection VulnerabilityEPSS 0.3%CVE-2025-47184MEDIUMAn XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 aEPSS 0.2%CVE-2026-41650MEDIUMfast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped DelimitersEPSS 0.2%CVE-2026-53723MEDIUMguzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA TerminatorEPSS 0.2%CVE-2026-11169HIGHInappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UEPSS 0.2%CVE-2026-44665MEDIUMfast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributesEPSS 0.2%CVE-2026-44664MEDIUMfast-xml-builder: Comment Value bypass regexEPSS 0.2%CVE-2026-27693MEDIUMtraccar allows XML injection in KML and GPX exportsEPSS 0.2%CVE-2026-1554MEDIUMCentral Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007EPSS 0.2%CVE-2022-50902HIGHWondershare FamiSafe 1.0 - 'FSService' Unquoted Service PathEPSS 0.1%CVE-2024-34740HIGHIn attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer oveEPSS 0.1%