Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-08 | CVE-2024-6893 | XXE vulnerability in Journyx 11.5.4 The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. | 7.5 |
2024-07-30 | CVE-2024-3930 | XXE vulnerability in Perforce Akana API In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. | 9.8 |
2024-06-07 | CVE-2024-36827 | XXE vulnerability in Dnkorpushov Ebookmeta An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. | 7.5 |
2024-06-07 | CVE-2024-37388 | XXE vulnerability in Dnkorpushov Ebookmeta An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. | 9.1 |
2024-05-28 | CVE-2024-3969 | XXE vulnerability in Microfocus Imanager XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. | 9.8 |
2024-05-15 | CVE-2024-3486 | XXE vulnerability in Microfocus Imanager XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. | 9.8 |
2024-05-15 | CVE-2024-4357 | XXE vulnerability in Progress Telerik Reporting An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity processing. | 6.5 |
2024-03-28 | CVE-2024-31139 | XXE vulnerability in JetBrains TeamCity In JetBrains TeamCity before 2024.03, XXE was possible in the Maven build steps detector. | 8.1 |
2024-02-22 | CVE-2024-25129 | XXE vulnerability in GitHub CodeQL CLI The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). | 5.5 |
2024-02-20 | CVE-2024-25606 | XXE vulnerability in Liferay Digital Experience Platform XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method. | 8.7 |