Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-08 | CVE-2023-27476 | XXE vulnerability in Osgeo Owslib OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. | 7.5 |
2023-03-07 | CVE-2023-27480 | XXE vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 7.7 |
2023-02-27 | CVE-2023-26043 | XXE vulnerability in Geosolutionsgroup Geonode GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. | 6.5 |
2023-02-24 | CVE-2023-24189 | XXE vulnerability in Bstek Urule 2.1.7 An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile. | 9.8 |
2023-02-22 | CVE-2023-20855 | XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. | 8.8 |
2023-02-21 | CVE-2023-26267 | XXE vulnerability in PHP-Saml-Sp Project PHP-Saml-Sp php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR. | 6.5 |
2023-02-21 | CVE-2015-10082 | XXE vulnerability in Libimobiledevice Libplist 1.12 A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. | 9.8 |
2023-02-20 | CVE-2016-15026 | XXE vulnerability in Dd-Plist Project Dd-Plist A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. | 7.8 |
2023-02-19 | CVE-2014-125087 | XXE vulnerability in Java-Xmlbuilder Project Java-Xmlbuilder A vulnerability was found in java-xmlbuilder up to 1.1. | 9.8 |
2023-02-17 | CVE-2021-33950 | XXE vulnerability in Openkm 6.3.10 An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | 7.5 |