CVE z tagiem xxe — 15 wyników. ← Wszystkie tagi

CVE-2016-9563 🔴 Łataj teraz KEV

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.

6.5 CVSS
58.8% EPSS
sapxxe 2016-11-23
CVE-2026-40042 🟠 Łataj w tym tygodniu

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious…

9.8 CVSS
0.1% EPSS
xxe 2026-04-13
CVE-2022-0239 🔴 Łataj teraz

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

9.8 CVSS
0.0% EPSS
stanfordexploitxxe 2022-01-17
CVE-2026-4374 🟠 Łataj w tym tygodniu

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data …

9.1 CVSS
0.0% EPSS
rtixxe 2026-04-01
CVE-2026-3511 🟡 Monitoruj

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain u…

8.6 CVSS
0.0% EPSS
ssrfxxe 2026-03-19
CVE-2025-61813 🟡 Monitoruj

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exp…

8.2 CVSS
0.1% EPSS
adobexxe 2025-12-10
CVE-2026-29924 🟡 Monitoruj

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.

7.6 CVSS
0.1% EPSS
getgravxxe 2026-03-30
CVE-2026-22186 🟡 Monitoruj

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilde…

7.1 CVSS
0.0% EPSS
openmicroscopydosssrfxxe 2026-01-07
CVE-2024-50442 ⚪ Do wiadomości

Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through <= 1.3.980.

6.5 CVSS
0.2% EPSS
royal-elementor-addonsxxe 2024-10-28
CVE-2023-49234 ⚪ Do wiadomości

An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server.

6.3 CVSS
0.1% EPSS
xxe 2024-03-29
CVE-2024-28039 ⚪ Do wiadomości

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-servi…

5.8 CVSS
0.1% EPSS
dosxxe 2024-03-18
CVE-2026-33737 ⚪ Do wiadomości

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerabil…

5.3 CVSS
0.0% EPSS
chamiloxxe 2026-04-10
CVE-2025-68463 ⚪ Do wiadomości

Bio.Entrez in Biopython through 186 allows doctype XXE.

4.9 CVSS
0.1% EPSS
xxe 2025-12-18
CVE-2026-33371 ⚪ Do wiadomości

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An au…

4.3 CVSS
0.0% EPSS
xxe 2026-03-20
CVE-2026-28809 ⚪ Do wiadomości

XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via c…

0.0 CVSS
0.1% EPSS
ssrfxxe 2026-03-23