Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-16 | CVE-2021-41411 | XXE vulnerability in Redhat Drools 6.1.0 drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. | 7.5 |
| 2022-06-14 | CVE-2022-32285 | XXE vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). | 4.3 |
| 2022-06-14 | CVE-2022-31447 | XXE vulnerability in Magicpin 3.4 An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. | 5.0 |
| 2022-06-02 | CVE-2021-45981 | XXE vulnerability in Netscout Ngeniusone 6.3.2 NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. | 7.5 |
| 2022-05-24 | CVE-2022-22977 | XXE vulnerability in VMWare Tools VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. | 3.6 |
| 2022-05-24 | CVE-2022-31261 | XXE vulnerability in Morpheusdata Morpheus An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. | 4.3 |
| 2022-05-20 | CVE-2022-29801 | XXE vulnerability in Siemens Teamcenter 12.4/13.0 A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). | 7.5 |
| 2022-05-17 | CVE-2022-30971 | XXE vulnerability in Jenkins Storable Configs 1.0 Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
| 2022-05-12 | CVE-2021-27777 | XXE vulnerability in Hcltech Unica XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. | 5.0 |
| 2022-05-11 | CVE-2021-42646 | XXE vulnerability in Wso2 products XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. | 9.1 |