Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-30951 XXE vulnerability in Palantir Magritte-Rest-Source-Bundle
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE).
network
low complexity
palantir CWE-611
6.5
2023-08-03 CVE-2023-37497 XXE vulnerability in Hcltech Unica
The Unica application exposes an API which accepts arbitrary XML input.
network
low complexity
hcltech CWE-611
8.8
2023-08-03 CVE-2023-37364 XXE vulnerability in Ws-Inc J Wbem 4.0.0
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution.
network
low complexity
ws-inc CWE-611
critical
9.1
2023-07-25 CVE-2023-32639 XXE vulnerability in MOJ Applicant Programme 7.06
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE).
local
low complexity
moj CWE-611
5.5
2023-07-19 CVE-2023-32635 XXE vulnerability in Edinet-Fsa Xbrl Data Create 7.0
XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE).
local
low complexity
edinet-fsa CWE-611
5.5
2023-07-12 CVE-2023-37942 XXE vulnerability in Jenkins External Monitor JOB Type
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
6.5
2023-07-05 CVE-2023-35786 XXE vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
network
low complexity
zohocorp CWE-611
4.9
2023-06-29 CVE-2020-26708 XXE vulnerability in Requests-Xml Project Requests-Xml 0.2.3
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
network
low complexity
requests-xml-project CWE-611
7.5
2023-06-29 CVE-2020-26709 XXE vulnerability in Py-Xml Project Py-Xml 1.0
py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
network
low complexity
py-xml-project CWE-611
7.5
2023-06-29 CVE-2020-26710 XXE vulnerability in Easy-Parse Project Easy-Parse 0.1.1
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
network
low complexity
easy-parse-project CWE-611
7.5