CWE-776
Medium likelihood
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Parent: CWE-674 - Uncontrolled Recursion
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
69 vulnerabilities with CWE-776
CVE-2026-29074
HIGH
SVGO 2.1.0-2.8.0/3.0.0-3.3.2/4.0.0 - DoS
CVSS 7.5
CVE-2026-27807
MEDIUM
MarkUs <2.9.4 - Deserialization
CVSS 4.9
CVE-2026-26278
HIGH
fast-xml-parser 4.1.3-5.3.5 - DoS
CVSS 7.5
CVE-2025-20369
MEDIUM
Splunk <9.4.4, <9.3.6, <9.2.8 - DoS
CVSS 4.6
CVE-2025-5466
MEDIUM
Ivanti Connect Secure < 22.7 - XML Entity Expansion
CVSS 4.9
CVE-2019-19144
CRITICAL
Quantum DXi6702 <2.3.0.3 - SSRF
CVSS 9.8
CVE-2025-3225
HIGH
run-llama/llama_index <v0.12.21 - DoS
CVSS 7.5
CVE-2025-0617
MEDIUM
HX <10.0.0 - DoS
CVSS 5.9
CVE-2024-43398
MEDIUM
Ruby-lang Rexml < 3.3.6 - XML Entity Expansion
CVSS 5.9
CVE-2024-28982
HIGH
Hitachi Pentaho Business Analytics Server - XML Entity Expansion
CVSS 7.1
CVE-2024-27142
MEDIUM
Toshiba Printers - SSRF
CVSS 5.9
CVE-2024-27141
MEDIUM
Toshiba - SSRF
CVSS 5.9
CVE-2022-28652
MEDIUM
~/.config/apport/settings - Info Disclosure
CVSS 5.5
CVE-2024-1455
MEDIUM
Langchain < 0.1.35 - XML Entity Expansion
CVSS 5.9
CVE-2024-28757
HIGH
Libexpat < 2.6.2 - XML Entity Expansion
CVSS 7.5
CVE-2023-52426
MEDIUM
Libexpat < 2.5.0 - XML Entity Expansion
CVSS 5.5
CVE-2023-49967
HIGH
Typecho - XML Entity Expansion
CVSS 7.5
CVE-2023-41635
MEDIUM
GruppoSCAI RealGimm <1.1.37p38 - XSS
CVSS 6.5
CVE-2023-3569
MEDIUM
Phoenixcontact Cloud Client 1101t-tx Firmware < 2.06.10 - XML Entity Expansion
CVSS 4.9
CVE-2023-38490
MEDIUM
Kirby <3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, 3.9.6 - XXE
CVSS 6.8
CVE-2023-28118
HIGH
Kaml < 0.53.0 - XML Entity Expansion
CVSS 7.5
CVE-2023-20052
MEDIUM
ClamAV <1.0.0 - Info Disclosure
CVSS 5.3
CVE-2022-44641
MEDIUM
Linaro Lava < 2022.11 - XML Entity Expansion
CVSS 6.5
CVE-2022-34430
HIGH
Dell Hybrid Client < 1.8 - Path Traversal
CVSS 7.1
CVE-2022-25857
HIGH
Snakeyaml < 1.31 - XML Entity Expansion
CVSS 7.5