Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-29 | CVE-2023-49656 | XXE vulnerability in Jenkins Matlab 2.11.0 Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2023-11-09 | CVE-2023-4218 | XXE vulnerability in Eclipse IDE In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. | 5.0 |
| 2023-11-06 | CVE-2023-46802 | XXE vulnerability in NTA E-Tax 1.17.1 e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. | 5.5 |
| 2023-10-30 | CVE-2023-46502 | XXE vulnerability in Opencrx 5.2.2 An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. | 9.8 |
| 2023-10-27 | CVE-2022-34832 | XXE vulnerability in Vermeg Agile Reporter 21.3 An issue was discovered in VERMEG AgileReporter 21.3. | 6.5 |
| 2023-10-23 | CVE-2023-43067 | XXE vulnerability in Dell products Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. | 6.5 |
| 2023-10-23 | CVE-2023-43624 | XXE vulnerability in Omrom Cx-Designer CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. | 5.5 |
| 2023-10-18 | CVE-2023-45727 | XXE vulnerability in Northgrid Proself Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. | 7.5 |
| 2023-10-14 | CVE-2022-32755 | XXE vulnerability in IBM products IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-10-09 | CVE-2023-45612 | XXE vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | 9.8 |