Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2024-12-10 CVE-2024-54005 A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21).
local
high complexity
CWE-611
5.1
2024-11-26 CVE-2024-11622 XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
network
low complexity
hpe CWE-611
7.5
2024-11-26 CVE-2024-53674 XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
network
low complexity
hpe CWE-611
7.5
2024-11-26 CVE-2024-53675 XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
network
low complexity
hpe CWE-611
7.5
2024-11-22 CVE-2023-24466 XXE vulnerability in Microfocus Imanager
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-611
critical
9.8
2024-11-15 CVE-2021-1483 A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files.
network
low complexity
CWE-611
6.4
2024-11-15 CVE-2024-39726 XXE vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2024-11-14 CVE-2024-5919 XXE vulnerability in Paloaltonetworks Pan-Os
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server.
network
low complexity
paloaltonetworks CWE-611
6.5
2024-11-08 CVE-2024-10839 XXE vulnerability in Zohocorp Manageengine Sharepoint Manager Plus
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
network
low complexity
zohocorp CWE-611
8.1
2024-11-04 CVE-2024-45086 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5