Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2020-4876 | XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2022-01-13 | CVE-2021-40722 | XXE vulnerability in Adobe products AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. | 9.8 |
| 2022-01-12 | CVE-2021-42560 | XXE vulnerability in Mitre Caldera 2.9.0 An issue was discovered in CALDERA 2.9.0. | 8.8 |
| 2021-12-22 | CVE-2021-44028 | XXE vulnerability in Quest Kace Desktop Authority XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. | 5.5 |
| 2021-12-16 | CVE-2021-45096 | XXE vulnerability in Knime Analytics Platform KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | 4.3 |
| 2021-12-14 | CVE-2021-3836 | XXE vulnerability in Dbeaver dbeaver is vulnerable to Improper Restriction of XML External Entity Reference | 5.5 |
| 2021-12-10 | CVE-2021-23463 | XXE vulnerability in H2Database H2 1.4.198/1.4.199/1.4.200 The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. | 9.1 |
| 2021-12-08 | CVE-2021-44556 | XXE vulnerability in KB Digger National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. | 9.1 |
| 2021-12-08 | CVE-2021-44557 | XXE vulnerability in KB Multiner National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. | 9.1 |
| 2021-12-01 | CVE-2021-42776 | XXE vulnerability in Cloverdx CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. | 7.7 |