Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2024-11-04 CVE-2024-45086 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2024-11-04 CVE-2024-51136 XXE vulnerability in Openimaj 1.3.10
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.
network
low complexity
openimaj CWE-611
critical
9.8
2024-10-28 CVE-2024-50442 XXE vulnerability in Royal-Elementor-Addons Royal Elementor Addons
Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through 1.3.980.
network
low complexity
royal-elementor-addons CWE-611
7.2
2024-10-16 CVE-2024-45072 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2024-10-16 CVE-2024-4184 XXE vulnerability in Microfocus Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
network
low complexity
microfocus CWE-611
8.0
2024-10-16 CVE-2024-4189 XXE vulnerability in Microfocus Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
network
low complexity
microfocus CWE-611
8.0
2024-10-16 CVE-2024-4690 XXE vulnerability in Microfocus Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
network
low complexity
microfocus CWE-611
8.0
2024-10-09 CVE-2024-39586 XXE vulnerability in Dell EMC Appsync
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability.
low complexity
dell CWE-611
4.3
2024-09-23 CVE-2024-46985 XXE vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease CWE-611
7.5
2024-09-19 CVE-2024-46984 XXE vulnerability in Gematik Reference Validator
The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards.
network
low complexity
gematik CWE-611
critical
9.8