Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-22774 | XXE vulnerability in Tibco products The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. | 6.4 |
| 2022-05-06 | CVE-2021-23792 | XXE vulnerability in Twelvemonkeys Project Twelvemonkeys The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. | 7.5 |
| 2022-05-05 | CVE-2022-28890 | XXE vulnerability in Apache Jena 4.4.0 A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. | 9.8 |
| 2022-05-04 | CVE-2022-29943 | XXE vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. | 6.8 |
| 2022-05-04 | CVE-2022-20780 | XXE vulnerability in Cisco Enterprise NFV Infrastructure Software Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. | 7.4 |
| 2022-05-03 | CVE-2022-1331 | XXE vulnerability in Deltaww Dmars In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | 4.3 |
| 2022-05-03 | CVE-2022-21949 | XXE vulnerability in Opensuse Open Build Service A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. | 9.0 |
| 2022-04-30 | CVE-2022-29265 | XXE vulnerability in Apache Nifi Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. | 5.0 |
| 2022-04-28 | CVE-2022-24898 | XXE vulnerability in Xwiki Commons org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. | 4.0 |
| 2022-04-21 | CVE-2022-0272 | XXE vulnerability in Detekt Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0. | 7.5 |