
CWE-776 (Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)) — Vulnerability Class 24

24 vulnerabilities classified as CWE-776 (Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)). AI Chinese analysis included.

| CVE ID | Title | Affected product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40260 | pypdf: Manipulated XMP metadata entity declarations can exhaust RAM | pypdf | 6.5 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-33036 | fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278) | fast-xml-parser | 7.5 | High | 2026-03-20 |
| CVE-2026-29074 | SVGO: DoS through entity expansion in DOCTYPE (Billion Laughs) | svgo | 7.5 | High | 2026-03-06 |
| CVE-2026-27807 | MarkUs: YAML alias ('billion laughs') DoS in config upload | Markus | 4.9 | Medium | 2026-03-06 |
| CVE-2026-26278 | fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit) | fast-xml-parser | 7.5 | High | 2026-02-19 |
| CVE-2025-20369 | Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise | Splunk Enterprise | 4.6 | Medium | 2025-10-01 |
| CVE-2025-5466 | Ivanti multiple products security vulnerability | Connect Secure | 4.9 | Medium | 2025-08-12 |
| CVE-2025-3225 | XML Entity Expansion vulnerability in run-llama/llama_index | run-llama/llama_index | 7.5 | - | 2025-07-07 |
| CVE-2025-0617 | Trellix HX security vulnerability | Trellix HX Console | 5.9 | Medium | 2025-01-29 |
| CVE-2024-43398 | REXML denial of service vulnerability | rexml | 5.9 | Medium | 2024-08-22 |
| CVE-2024-28982 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference | Pentaho Business Analytics Server | 7.1 | High | 2024-06-26 |
| CVE-2024-27142 | Pre-authenticated XXE injection | Toshiba Tec e-Studio multi-function peripheral (MFP) | 5.9 | Medium | 2024-06-14 |
| CVE-2024-27141 | Pre-authenticated Time-Based Blind XXE injection | Toshiba Tec e-Studio multi-function peripheral (MFP) | 5.9 | Medium | 2024-06-14 |
| CVE-2024-1455 | Billion Laughs Attack leading to DoS in langchain-ai/langchain | langchain-ai/langchain | 7.5 (AI) | High (AI) | 2024-03-26 |
| CVE-2023-3569 | PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT | CLOUD CLIENT 1101T-TX/TX | 4.9 | Medium | 2023-08-08 |
| CVE-2023-28118 | kaml has potential denial of service while parsing input with anchors and aliases | kaml | 7.5 | High | 2023-03-20 |
| CVE-2022-0217 | Prosodical Thoughts Prosody security vulnerability | prosody | 9.1 | - | 2022-08-26 |
| CVE-2022-34467 | Siemens Mendix Excel Importer Module security vulnerability | Mendix Excel Importer Module (Mendix 8 compatible) | 6.5 | - | 2022-07-12 |
| CVE-2021-31842 | McAfee Endpoint Security code issue vulnerability | McAfee Endpoint Security (ENS) for Windows | 5.0 | Medium | 2021-09-17 |
| CVE-2021-32623 | Opencast vulnerable to billion laughs attack (XML bomb) | opencast | 8.1 | High | 2021-06-15 |
| CVE-2021-1267 | Cisco Firepower Management Center XML Entity Expansion Vulnerability | Cisco Firepower Management Center | 6.5 | - | 2021-01-13 |
| CVE-2020-5227 | Feedgen Vulnerable to XML Denial of Service Attacks | python-feedgen | 4.4 | Medium | 2020-01-28 |
| CVE-2019-5442 | Pippo resource management error vulnerability | Pippo | 7.5 | - | 2019-06-12 |
| CVE-2019-5427 | c3p0 resource management error vulnerability | c3p0 | 7.5 | - | 2019-04-22 |

Vulnerabilities classified as CWE-776 (Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)) represent 24 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.