Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-09 | CVE-2023-6147 | XXE vulnerability in Qualys Policy Compliance: Qualys Jenkins Plugin for Policy Compliance up to and including version 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. | 6.5 |
2024-01-09 | CVE-2023-26999 | XXE vulnerability in Netscout Ngeniusone 6.3.4: An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | 9.8 |
2023-12-30 | CVE-2023-52252 | XXE vulnerability in Unifiedremote Unified Remote 3.13.0: Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. | 9.8 |
2023-12-19 | CVE-2023-46265 | XXE vulnerability in Ivanti Avalanche: An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | 9.8 |
2023-12-19 | CVE-2023-6280 | XXE vulnerability in 52North WPS: An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. | 7.5 |
2023-12-15 | CVE-2023-6836 | XXE vulnerability in Wso2 products: Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information. | 7.5 |
2023-12-13 | CVE-2023-6721 | XXE vulnerability in Europeana Repox 2.3.7: An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system. | 7.5 |
2023-12-11 | CVE-2023-6194 | XXE vulnerability in Eclipse Memory Analyzer: In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report, then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. | 7.1 |
2023-11-30 | CVE-2023-49733 | XXE vulnerability in Apache Cocoon 2.2.0: Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 9.8 |
2023-11-29 | CVE-2023-49656 | XXE vulnerability in Jenkins Matlab: Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |