Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-15 | CVE-2024-3486 | XXE vulnerability in Microfocus Imanager XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. | 9.8 |
| 2024-05-15 | CVE-2024-4357 | XXE vulnerability in Progress Telerik Reporting An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. | 6.5 |
| 2024-05-03 | CVE-2023-39472 | XXE vulnerability in Inductiveautomation Ignition Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. | 6.5 |
| 2024-03-28 | CVE-2024-31139 | XXE vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector | 8.1 |
| 2024-03-14 | CVE-2023-50168 | XXE vulnerability in Pega Platform Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. | 7.7 |
| 2024-03-11 | CVE-2024-28198 | XXE vulnerability in Frentix Openolat OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. | 7.5 |
| 2024-02-22 | CVE-2024-25129 | XXE vulnerability in Github Codeql CLI The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). | 5.5 |
| 2024-02-20 | CVE-2024-25606 | XXE vulnerability in Liferay Digital Experience Platform XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method. | 8.7 |
| 2024-02-13 | CVE-2024-22024 | XXE vulnerability in Ivanti Connect Secure, Policy Secure and Zero Trust Access An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | 8.3 |
| 2024-02-06 | CVE-2023-52239 | XXE vulnerability in Magicsoftware Magic XPI Integration Platform 4.13.4 The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. | 6.5 |