Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-16 | CVE-2020-18705 | XXE vulnerability in Quokka Project Quokka 0.4.0: XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | 9.8 |
2021-08-13 | CVE-2021-34823 | XXE vulnerability in On24 Screenshare: The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. | 9.1 |
2021-08-13 | CVE-2021-27741 | XXE vulnerability in Hcltechsw HCL Commerce: Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection. | 9.1 |
2021-08-11 | CVE-2021-38584 | XXE vulnerability in Cpanel: The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). | 7.2 |
2021-08-10 | CVE-2021-37425 | XXE vulnerability in Altova Mobiletogether Server 7.0/7.3: Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key. | 9.1 |
2021-08-10 | CVE-2021-37178 | XXE vulnerability in Siemens Solid Edge Se2021 Firmware: A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). | 5.5 |
2021-08-05 | CVE-2021-1630 | XXE vulnerability in Salesforce Mule: XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers. | 7.5 |
2021-07-31 | CVE-2020-26564 | XXE vulnerability in Objectplanet Opinio: ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFile'] URI. | 6.5 |
2021-07-29 | CVE-2021-23418 | XXE vulnerability in Glances Project Glances: The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks. | 9.8 |
2021-07-27 | CVE-2021-20399 | XXE vulnerability in IBM Qradar Security Information and Event Manager: IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |