Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-49064 Microsoft SharePoint Information Disclosure Vulnerability
network
low complexity
CWE-611
6.5
2024-12-10 CVE-2024-49535 XXE vulnerability in Adobe products
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
local
low complexity
adobe CWE-611
7.8
2024-12-10 CVE-2024-49704 A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21).
local
low complexity
CWE-611
5.5
2024-12-10 CVE-2024-54005 A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21).
local
high complexity
CWE-611
5.1
2024-11-26 CVE-2024-11622 XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
network
low complexity
hpe CWE-611
7.5
2024-11-26 CVE-2024-53674 XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
network
low complexity
hpe CWE-611
7.5
2024-11-26 CVE-2024-53675 XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
network
low complexity
hpe CWE-611
7.5
2024-11-15 CVE-2021-1483 A vulnerability in the web UI of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files.
network
low complexity
CWE-611
6.4
2024-11-15 CVE-2024-39726 XXE vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2024-11-08 CVE-2024-10839 XXE vulnerability in Zohocorp Manageengine Sharepoint Manager Plus
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
network
low complexity
zohocorp CWE-611
8.1