Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2023-27527 | XXE vulnerability in Touki-Kyoutaku-Online Shinseiyo Sogo Soft 7.9A Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). | 7.5 |
| 2023-04-26 | CVE-2022-45876 | XXE vulnerability in Visam Vbase 11.7.0.2 Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 5.5 |
| 2023-04-26 | CVE-2023-29443 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. | 4.9 |
| 2023-04-26 | CVE-2023-28008 | XXE vulnerability in Hcltech Workload Automation 10.1.0/9.4.0/9.5.0 HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2023-04-26 | CVE-2023-28009 | XXE vulnerability in Hcltech Workload Automation 10.1.0/9.4.0/9.5.0 HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2023-04-25 | CVE-2023-26057 | XXE vulnerability in Nokia Netact 20.1 An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. | 6.5 |
| 2023-04-25 | CVE-2023-26058 | XXE vulnerability in Nokia Netact 20.1 An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. | 6.5 |
| 2023-04-16 | CVE-2022-38840 | XXE vulnerability in Guralp Man-Eam-0003 3.2.4 cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure. | 7.5 |
| 2023-04-13 | CVE-2023-26263 | XXE vulnerability in Talend Data Catalog 7.320210930 All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. | 5.5 |
| 2023-04-13 | CVE-2023-26264 | XXE vulnerability in Talend Data Catalog 7.320210930 All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. | 5.5 |