Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-30 | CVE-2022-29265 | XXE vulnerability in Apache Nifi: Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. | 7.5 |
2022-04-28 | CVE-2022-24898 | XXE vulnerability in Xwiki Commons: org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. | 4.9 |
2022-04-21 | CVE-2022-0272 | XXE vulnerability in Detekt: Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0. | 9.8 |
2022-04-13 | CVE-2022-0221 | XXE vulnerability in Schneider-Electric Scadapack Workbench 6.6.8A: A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. | 5.5 |
2022-04-05 | CVE-2022-28219 | XXE vulnerability in Zohocorp Manageengine Adaudit Plus: Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 9.8 |
2022-04-01 | CVE-2022-1018 | XXE vulnerability in Rockwellautomation products: When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. | 5.5 |
2022-03-30 | CVE-2021-33208 | XXE vulnerability in Softwareag Mashzone Nextgen 10.7: The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. | 7.2 |
2022-03-30 | CVE-2021-43142 | XXE vulnerability in JOX Project JOX 1.16: An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput. | 9.8 |
2022-03-29 | CVE-2022-28140 | XXE vulnerability in Jenkins Flaky Test Handler: Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |
2022-03-29 | CVE-2022-28154 | XXE vulnerability in Jenkins Coverage/Complexity Scatter Plot: Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |