CWE-776 flaws

34 results
CVE | Severity | Title | EPSS
CVE-2026-40260 | MEDIUM | pypdf: Manipulated XMP metadata entity declarations can exhaust RAM | EPSS 0.4%
CVE-2025-3225 | HIGH | XML Entity Expansion vulnerability in run-llama/llama_index | EPSS 0.4%
CVE-2024-28982 | HIGH | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference | EPSS 0.4%
CVE-2023-52426 | MEDIUM | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | EPSS 0.4%
CVE-2025-0617 | MEDIUM | An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection | EPSS 0.4%
CVE-2026-45771 | HIGH | Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion | EPSS 0.3%
CVE-2026-29074 | HIGH | SVGO: DoS through entity expansion in DOCTYPE (Billion Laughs) | EPSS 0.3%
CVE-2026-42212 | HIGH | SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser | EPSS 0.3%
CVE-2026-27807 | MEDIUM | MarkUs: YAML alias (‘billion laughs’) DoS in config upload | EPSS 0.3%
CVE-2026-31248 | HIGH | Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files fro | EPSS 0.3%
CVE-2025-20369 | MEDIUM | Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise | EPSS 0.3%
CVE-2026-23822 | MEDIUM | Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service | EPSS 0.3%
CVE-2021-31842 | MEDIUM | XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a lo | EPSS 0.2%
CVE-2022-28652 | MEDIUM | ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | EPSS 0.2%