Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-13 | CVE-2021-40722 | XXE vulnerability in Adobe products AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. | 9.8 |
| 2022-01-12 | CVE-2021-42560 | XXE vulnerability in Mitre Caldera 2.9.0 An issue was discovered in CALDERA 2.9.0. | 8.8 |
| 2021-12-22 | CVE-2021-44028 | XXE vulnerability in Quest Kace Desktop Authority XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. | 5.5 |
| 2021-12-16 | CVE-2021-45096 | XXE vulnerability in Knime Analytics Platform KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | 4.3 |
| 2021-12-14 | CVE-2021-3836 | XXE vulnerability in Dbeaver dbeaver is vulnerable to Improper Restriction of XML External Entity Reference | 5.5 |
| 2021-12-10 | CVE-2021-23463 | XXE vulnerability in H2Database H2 1.4.198/1.4.199/1.4.200 The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. | 9.1 |
| 2021-12-08 | CVE-2021-44556 | XXE vulnerability in KB Digger National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. | 9.1 |
| 2021-12-08 | CVE-2021-44557 | XXE vulnerability in KB Multiner National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. | 9.1 |
| 2021-12-01 | CVE-2021-42776 | XXE vulnerability in Cloverdx CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. | 7.7 |
| 2021-11-22 | CVE-2021-44147 | XXE vulnerability in Claris Filemaker PRO and Filemaker Server An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. | 5.5 |