SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection

CVE-2025-66516 is a critical Apache Tika vulnerability can be exploited on all platforms in XXE injection attacks via crafted ...
The Hacker News

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Critical XXE flaw CVE-2025-66516 affects multiple Apache Tika modules, exposing systems and requiring urgent updates.
CSO Online

Apache Tika hit by critical vulnerability thought to be patched months ago

CVE-2025-54988 is a weakness in the tika-parser-pdf-module used to process PDFs in Apache Tika from version 1.13 to and ...
Threat Post

XXE Bug Patched in Facebook Careers Third-Party Service

A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook’s careers page. A vulnerability was discovered and patched in a third-party service that handles ...
Threat Post

Adobe Patches XXE Vulnerability in LiveCycle Data Services

Adobe pushed out a hotfix for LiveCycle Data Services patching an XXE vulnerability in BlazeDS. Adobe is today expected to push a hotfix through to implementations of its LiveCycle Data Services ...
CSOonline

Attackers target new Ivanti XXE vulnerability days after patch

The new vulnerabilities were introduced by a fix for the previous Ivanti flaws, and customers are urged to install a new update. Days after Ivanti announced patches for a new vulnerability in its ...