Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-45072 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2024-10-16 | CVE-2024-4184 | XXE vulnerability in Microfocus Application Automation Tools 6.7 Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-10-16 | CVE-2024-4189 | XXE vulnerability in Microfocus Application Automation Tools 6.7 Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-10-16 | CVE-2024-4690 | XXE vulnerability in Microfocus Application Automation Tools 6.7 Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-10-09 | CVE-2024-39586 | XXE vulnerability in Dell EMC Appsync Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. | 4.3 |
| 2024-09-23 | CVE-2024-46985 | XXE vulnerability in Dataease DataEase is an open source data visualization analysis tool. | 7.5 |
| 2024-09-19 | CVE-2024-46984 | XXE vulnerability in Gematik Reference Validator The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. | 9.8 |
| 2024-09-16 | CVE-2024-7098 | XXE vulnerability in SFS Winsure Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2. | 9.8 |
| 2024-09-10 | CVE-2023-37233 | XXE vulnerability in Loftware Spectrum Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. | 8.8 |
| 2024-08-30 | CVE-2024-45490 | XXE vulnerability in Libexpat Project Libexpat An issue was discovered in libexpat before 2.6.3. | 7.5 |