Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-7098 XXE vulnerability in SFS Winsure
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.
network
low complexity
sfs CWE-611
critical
9.8
2024-09-10 CVE-2023-37233 XXE vulnerability in Loftware Spectrum
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.
network
low complexity
loftware CWE-611
8.8
2024-08-30 CVE-2024-45490 XXE vulnerability in Libexpat Project Libexpat
An issue was discovered in libexpat before 2.6.3.
network
low complexity
libexpat-project CWE-611
7.5
2024-08-28 CVE-2024-45048 XXE vulnerability in PHPoffice PHPspreadsheet
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files.
network
low complexity
phpoffice CWE-611
6.5
2024-08-14 CVE-2024-38653 XXE vulnerability in Ivanti Avalanche
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
network
low complexity
ivanti CWE-611
7.5
2024-08-08 CVE-2024-6893 XXE vulnerability in Journyx 11.5.4
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities.
network
low complexity
journyx CWE-611
7.5
2024-07-30 CVE-2024-3930 XXE vulnerability in Perforce Akana API
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
network
low complexity
perforce CWE-611
critical
9.8
2024-06-07 CVE-2024-36827 XXE vulnerability in Dnkorpushov Ebookmeta
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
network
low complexity
dnkorpushov CWE-611
7.5
2024-06-07 CVE-2024-37388 XXE vulnerability in Dnkorpushov Ebookmeta
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
network
low complexity
dnkorpushov CWE-611
critical
9.1
2024-03-28 CVE-2024-31139 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector
network
low complexity
jetbrains CWE-611
8.1