Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-04 | CVE-2022-20780 | XXE vulnerability in Cisco Enterprise NFV Infrastructure Software Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. | 7.4 |
| 2022-04-30 | CVE-2022-29265 | XXE vulnerability in Apache Nifi Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. | 7.5 |
| 2022-04-28 | CVE-2022-24898 | XXE vulnerability in Xwiki Commons org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. | 4.9 |
| 2022-04-21 | CVE-2022-0272 | XXE vulnerability in Detekt Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0. | 9.8 |
| 2022-04-13 | CVE-2022-0221 | XXE vulnerability in Schneider-Electric Scadapack Workbench 6.6.8A A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. | 5.5 |
| 2022-04-05 | CVE-2022-28219 | XXE vulnerability in Zohocorp Manageengine Adaudit Plus Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 9.8 |
| 2022-04-01 | CVE-2022-1018 | XXE vulnerability in Rockwellautomation products When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. | 5.5 |
| 2022-03-30 | CVE-2021-33208 | XXE vulnerability in Softwareag Mashzone Nextgen 10.7 The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. | 7.2 |
| 2022-03-30 | CVE-2021-43142 | XXE vulnerability in JOX Project JOX 1.16 An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput. | 9.8 |
| 2022-03-29 | CVE-2022-28140 | XXE vulnerability in Jenkins Flaky Test Handler Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |