Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-27 | CVE-2020-10990 | XXE vulnerability in Accenture Mercury An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. | 9.8 |
| 2020-03-25 | CVE-2020-2171 | XXE vulnerability in Jenkins Rapiddeploy Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
| 2020-03-23 | CVE-2019-20627 | XXE vulnerability in Rbsoft Autoupdater.Net AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | 9.8 |
| 2020-03-20 | CVE-2020-10799 | XXE vulnerability in Svglib Project Svglib The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | 9.8 |
| 2020-03-16 | CVE-2019-20191 | XXE vulnerability in Sync Oxygen XML Editor Oxygen XML Editor 21.1.1 allows XXE to read any file. | 7.5 |
| 2020-03-10 | CVE-2020-9044 | XXE vulnerability in Johnsoncontrols products XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. | 9.1 |
| 2020-03-09 | CVE-2020-2144 | XXE vulnerability in Jenkins Rundeck Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-03-09 | CVE-2020-2138 | XXE vulnerability in Jenkins Cobertura Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-03-09 | CVE-2015-7968 | XXE vulnerability in SAP Netweaver Application Server nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | 4.3 |
| 2020-02-23 | CVE-2020-9352 | XXE vulnerability in Smartclient 12.0 An issue was discovered in SmartClient 12.0. | 9.8 |