Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-776

CWE-776

Medium likelihood

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Parent: CWE-674 - Uncontrolled Recursion

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

75 vulnerabilities with CWE-776

CVE-2026-45771 HIGH

Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion

CVE-2026-23822 MEDIUM

HPE ArubaOS AOS-8 Instant - XML External Entity Denial of Service

CVE-2026-31248 HIGH

Docling < 2.61.0 - XML Entity Expansion Denial of Service via METS GBS Backend

CVE-2026-42212 HIGH

SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser

CVE-2026-40260 MEDIUM

pypdf: Manipulated XMP metadata entity declarations can exhaust RAM

CVE-2026-33036 HIGH

fast-xml-parser <5.5.6 - Numeric Entity Expansion Denial of Service

CVE-2026-29074 HIGH

SVGO 2.1.0-2.8.0/3.0.0-3.3.2/4.0.0 - DoS

CVE-2026-27807 MEDIUM

Markus < 2.9.4 - XML External Entity Injection via YAML Alias Parsing

CVE-2026-26278 HIGH

fast-xml-parser 4.1.3-5.3.5 - XML External Entity Injection via Unrestricted Entity Expansion

CVE-2025-20369 MEDIUM

Splunk <9.4.4, <9.3.6, <9.2.8 - DoS

CVE-2025-5466 MEDIUM

Ivanti Connect Secure < 22.7 - Authenticated Denial of Service via XML Entity Expansion

CVE-2025-3225 HIGH

run-llama/llama_index <v0.12.21 - DoS

CVE-2025-0617 MEDIUM

Trellix HX Console < 5.1.1 - Denial of Service via XML Entity Expansion

CVE-2024-43398 MEDIUM

REXML < 3.3.6 - Denial of Service via Deep XML Element Parsing

CVE-2024-28982 HIGH

Hitachi Pentaho Business Analytics Server 8.3.0-9.3.0.6 - XML External Entity Injection in ACL Service Endpoint

CVE-2024-27142 MEDIUM

Toshiba Tec e-Studio multi-function peripheral (MFP) - XML External Entity Injection via API Endpoint

CVE-2024-27141 MEDIUM

Toshiba e-Studio MFP API - Blind XML External Entity Injection

CVE-2024-1455 MEDIUM

langchain 0.1.4-0.1.34 - Denial of Service via XML Entity Expansion

CVE-2024-28757 HIGH

libexpat < 2.6.2 - XML Entity Expansion via External Parser

CVE-2023-52426 MEDIUM

libexpat < 2.5.0 - XML Entity Expansion via Recursive Entity References

CVE-2023-49967 HIGH

Typecho 1.2.1 - XML Entity Expansion via XMLRPC Endpoint

CVE-2023-41635 MEDIUM

GruppoSCAI RealGimm <1.1.37p38 - XSS

CVE-2023-3569 MEDIUM

PHOENIX CONTACT TC Router and TC Cloud Client - Authenticated Denial of Service via XML Entity Expansion

CVE-2023-38490 MEDIUM

Kirby <3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, 3.9.6 - XXE

CVE-2023-28118 HIGH

kaml < 0.53.0 - Denial of Service via YAML Anchors and Aliases

Page 1 of 3 Next

Details

Vulnerabilities 75

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy