Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-21 | CVE-2022-43512 | XXE vulnerability in Visam Vbase Automation Base Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 5.5 |
| 2023-03-21 | CVE-2022-46300 | XXE vulnerability in Visam Vbase Automation Base Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 5.5 |
| 2023-03-21 | CVE-2018-25082 | XXE vulnerability in Wechat SDK Python Project Wechat SDK Python A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. | 9.8 |
| 2023-03-09 | CVE-2023-1288 | XXE vulnerability in 3DS Enovia Live Collaboration An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server. | 7.5 |
| 2023-02-27 | CVE-2023-26043 | XXE vulnerability in Geosolutionsgroup Geonode GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. | 6.5 |
| 2023-02-24 | CVE-2023-24189 | XXE vulnerability in Bstek Urule 2.1.7 An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile. | 9.8 |
| 2023-02-22 | CVE-2023-20855 | XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. | 8.8 |
| 2023-02-21 | CVE-2023-26267 | XXE vulnerability in PHP-Saml-Sp Project PHP-Saml-Sp php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR. | 6.5 |
| 2023-02-17 | CVE-2021-33950 | XXE vulnerability in Openkm 6.3.10 An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | 7.5 |
| 2023-02-16 | CVE-2022-39954 | XXE vulnerability in Fortinet Fortinac and Fortinac-F An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. | 9.1 |