Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-04 | CVE-2020-26064 | XXE vulnerability in Cisco Catalyst Sd-Wan Manager A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. | 8.1 |
2023-08-03 | CVE-2023-30951 | XXE vulnerability in Palantir Magritte-Rest-Source-Bundle The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). | 6.5 |
2023-08-03 | CVE-2023-37497 | XXE vulnerability in Hcltech Unica The Unica application exposes an API which accepts arbitrary XML input. | 8.8 |
2023-08-03 | CVE-2023-37364 | XXE vulnerability in Ws-Inc J Wbem In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. | 9.1 |
2023-07-25 | CVE-2023-32639 | XXE vulnerability in MOJ Applicant Programme Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). | 5.5 |
2023-07-19 | CVE-2023-32635 | XXE vulnerability in Edinet-Fsa Xbrl Data Create XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). | 5.5 |
2023-07-12 | CVE-2023-37942 | XXE vulnerability in Jenkins External Monitor JOB Type Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
2023-07-12 | CVE-2023-37200 | XXE vulnerability in SE Ecostruxure OPC UA Server Expert 2.01 A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server. | 5.5 |
2023-07-05 | CVE-2023-35786 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | 4.9 |
2023-06-29 | CVE-2020-26708 | XXE vulnerability in Requests-Xml Project Requests-Xml 0.2.3 requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 7.5 |