Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-16 | CVE-2024-7098 | XXE vulnerability in SFS Winsure Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2. | 9.8 |
2024-09-10 | CVE-2023-37233 | XXE vulnerability in Loftware Spectrum Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. | 8.8 |
2024-08-30 | CVE-2024-45490 | XXE vulnerability in Libexpat Project Libexpat An issue was discovered in libexpat before 2.6.3. | 7.5 |
2024-08-28 | CVE-2024-45048 | XXE vulnerability in PHPoffice PHPspreadsheet PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. | 6.5 |
2024-08-14 | CVE-2024-38653 | XXE vulnerability in Ivanti Avalanche XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | 7.5 |
2024-08-08 | CVE-2024-6893 | XXE vulnerability in Journyx 11.5.4 The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. | 7.5 |
2024-07-30 | CVE-2024-3930 | XXE vulnerability in Perforce Akana API In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. | 9.8 |
2024-06-07 | CVE-2024-36827 | XXE vulnerability in Dnkorpushov Ebookmeta An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. | 7.5 |
2024-06-07 | CVE-2024-37388 | XXE vulnerability in Dnkorpushov Ebookmeta An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. | 9.1 |
2024-03-28 | CVE-2024-31139 | XXE vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector | 8.1 |