Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-29 | CVE-2022-27873 | XXE vulnerability in Autodesk Fusion 360: An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. | 7.8 |
2022-07-27 | CVE-2021-42537 | XXE vulnerability in Visam Vbase Web-Remote 11.6.0.6: VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. | 7.5 |
2022-07-26 | CVE-2022-31471 | XXE vulnerability in Untangle Project Untangle: untangle is a Python library to convert XML data to Python objects. | 7.5 |
2022-07-25 | CVE-2022-2131 | XXE vulnerability in Openkm 6.3.10: OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external entity injection attack. | 9.8 |
2022-07-20 | CVE-2022-32458 | XXE vulnerability in Digiwin Business Process Management 5.8.6.1: Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. | 7.5 |
2022-07-19 | CVE-2022-22358 | XXE vulnerability in IBM products: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2022-07-19 | CVE-2022-34001 | XXE vulnerability in Unit4 Enterprise Resource Planning 7.9: Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously. | 6.5 |
2022-07-18 | CVE-2015-8031 | XXE vulnerability in Eclipse Hudson: Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. | 9.8 |
2022-07-18 | CVE-2022-35741 | XXE vulnerability in Apache Cloudstack: Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. | 9.8 |
2022-07-12 | CVE-2022-35168 | XXE vulnerability in SAP Business ONE 10.0: Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. | 7.5 |