CVE-2025-58360 is an unauthenticated XXE in OSGeo GeoServer being exploited in the wild; affected versions require immediate patching to prevent file access, SSRF, and DoS.
Apache Tika contains a critical XML External Entity (XXE) injection vulnerability (CVE-2025-66516), rated 10.0, that is triggered via crafted XFA files in PDFs.
Critical Dell Storage Manager flaws could let hackers access sensitive data - patch now
Critical authentication and XML entity vulnerabilities in Dell Storage Manager prior to 20.1.21 allow unauthenticated attackers to access APIs, disclose data, and access files.