Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2023-03-21  CVE-2022-43512  XXE vulnerability in Visam Vbase Automation Base  5.5
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
Tags: local, low complexity, visam, CWE-611

2023-03-21  CVE-2022-46300  XXE vulnerability in Visam Vbase Automation Base  5.5
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
Tags: local, low complexity, visam, CWE-611

2023-03-21  CVE-2018-25082  XXE vulnerability in Wechat SDK Python Project Wechat SDK Python  9.8 (critical)
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical.
Tags: network, low complexity, wechat-sdk-python-project, CWE-611

2023-03-09  CVE-2023-1288  XXE vulnerability in 3DS Enovia Live Collaboration  7.5
An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.
Tags: network, low complexity, 3ds, CWE-611

2023-02-27  CVE-2023-26043  XXE vulnerability in Geosolutionsgroup Geonode  6.5
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data.
Tags: network, low complexity, geosolutionsgroup, CWE-611

2023-02-24  CVE-2023-24189  XXE vulnerability in Bstek Urule 2.1.7  9.8 (critical)
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.
Tags: network, low complexity, bstek, CWE-611

2023-02-22  CVE-2023-20855  XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator  8.8
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability.
Tags: network, low complexity, vmware, CWE-611

2023-02-21  CVE-2023-26267  XXE vulnerability in PHP-Saml-Sp Project PHP-Saml-Sp  6.5
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR.
Tags: network, low complexity, php-saml-sp-project, CWE-611

2023-02-17  CVE-2021-33950  XXE vulnerability in Openkm 6.3.10  7.5
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.
Tags: network, low complexity, openkm, CWE-611

2023-02-16  CVE-2022-39954  XXE vulnerability in Fortinet Fortinac and Fortinac-F  9.1 (critical)
An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
Tags: network, low complexity, fortinet, CWE-611