Description
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Extended Description
If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.
CVE vulnerabilities with CWE-776 (97)
9.8
CVSS
CRITICAL
CVE-2019-19144
pub. 2025-08-01
9.8
CVSS
CRITICAL
CVE-2022-23640
pub. 2022-03-02
9.8
CVSS
CRITICAL
CVE-2014-2228
pub. 2020-02-19
9.8
CVSS
CRITICAL
CVE-2013-4335
pub. 2020-02-07
9.1
CVSS
CRITICAL
CVE-2021-23926
pub. 2021-01-14
9.1
CVSS
CRITICAL
CVE-2020-24590
pub. 2020-08-21
8.7
CVSS
HIGH
CVE-2026-41673
pub. 2026-05-07
8.1
CVSS
HIGH
CVE-2021-32623
pub. 2021-06-16
7.5
CVSS
HIGH
CVE-2026-44020
pub. 2026-06-24
7.5
CVSS
HIGH
CVE-2026-45771
pub. 2026-06-09
7.5
CVSS
HIGH
CVE-2026-31248
pub. 2026-05-11
7.5
CVSS
HIGH
CVE-2026-26171
pub. 2026-04-14
7.5
CVSS
HIGH
CVE-2026-33116
pub. 2026-04-14
7.5
CVSS
HIGH
CVE-2026-33908
pub. 2026-04-13
7.5
CVSS
HIGH
CVE-2026-33036
pub. 2026-03-20
7.5
CVSS
HIGH
CVE-2026-29074
pub. 2026-03-06
7.5
CVSS
HIGH
CVE-2026-26278
pub. 2026-02-19
7.5
CVSS
HIGH
CVE-2025-3225
pub. 2025-07-07
7.5
CVSS
HIGH
CVE-2024-28757
pub. 2024-03-10
7.5
CVSS
HIGH
CVE-2023-49967
pub. 2023-12-07
Showing 20 of 97 vulnerabilities