Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-22 | CVE-2023-20855 | XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. | 8.8 |
| 2023-02-21 | CVE-2023-26267 | XXE vulnerability in PHP-Saml-Sp Project PHP-Saml-Sp php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR. | 6.5 |
| 2023-02-21 | CVE-2015-10082 | XXE vulnerability in Libimobiledevice Libplist 1.12 A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. | 9.8 |
| 2023-02-20 | CVE-2016-15026 | XXE vulnerability in Dd-Plist Project Dd-Plist A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. | 7.8 |
| 2023-02-19 | CVE-2014-125087 | XXE vulnerability in Java-Xmlbuilder Project Java-Xmlbuilder A vulnerability was found in java-xmlbuilder up to 1.1. | 9.8 |
| 2023-02-17 | CVE-2021-33950 | XXE vulnerability in Openkm 6.3.10 An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | 7.5 |
| 2023-02-16 | CVE-2022-39954 | XXE vulnerability in Fortinet Fortinac and Fortinac-F An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. | 9.1 |
| 2023-02-16 | CVE-2023-23926 | XXE vulnerability in Neo4J Awesome Procedures on Cyper APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. | 8.1 |
| 2023-02-15 | CVE-2023-22377 | XXE vulnerability in Fujitsu products Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. | 7.4 |
| 2023-02-14 | CVE-2023-24187 | XXE vulnerability in Ureport Project Ureport 2.2.9 An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | 7.8 |