Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2023-01-30 CVE-2023-22322 Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier.
local
low complexity
CWE-611
5.5
2023-01-26 CVE-2023-24429 XXE vulnerability in Jenkins Semantic Versioning
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
network
low complexity
jenkins CWE-611
critical
9.8
2023-01-26 CVE-2023-24430 XXE vulnerability in Jenkins Semantic Versioning
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2023-01-26 CVE-2023-24441 XXE vulnerability in Jenkins Mstest
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2023-01-26 CVE-2023-24443 XXE vulnerability in Jenkins Testcomplete Support
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2023-01-17 CVE-2023-22624 XXE vulnerability in Zohocorp Manageengine Exchange Reporter Plus
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
network
low complexity
zohocorp CWE-611
7.5
2023-01-15 CVE-2023-23595 XXE vulnerability in Bluecatnetworks Device Registration Portal 2.2
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files.
network
low complexity
bluecatnetworks CWE-611
7.5
2023-01-09 CVE-2021-4311 XXE vulnerability in Talend Open Studio
A vulnerability classified as problematic was found in Talend Open Studio for MDM.
network
low complexity
talend CWE-611
critical
9.8
2023-01-07 CVE-2015-10029 XXE vulnerability in Simplexrd Project Simplexrd
A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0.
network
low complexity
simplexrd-project CWE-611
critical
9.8
2023-01-06 CVE-2016-15011 XXE vulnerability in E-Contract Dssp
A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1.
network
low complexity
e-contract CWE-611
critical
9.8