Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-30951 | XXE vulnerability in Palantir Magritte-Rest-Source-Bundle The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). | 6.5 |
| 2023-08-03 | CVE-2023-37497 | XXE vulnerability in Hcltech Unica The Unica application exposes an API which accepts arbitrary XML input. | 8.8 |
| 2023-08-03 | CVE-2023-37364 | XXE vulnerability in Ws-Inc J Wbem In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. | 9.1 |
| 2023-07-25 | CVE-2023-32639 | XXE vulnerability in MOJ Applicant Programme Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). | 5.5 |
| 2023-07-19 | CVE-2023-32635 | XXE vulnerability in Edinet-Fsa Xbrl Data Create XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). | 5.5 |
| 2023-07-12 | CVE-2023-37942 | XXE vulnerability in Jenkins External Monitor JOB Type Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
| 2023-07-12 | CVE-2023-37200 | XXE vulnerability in SE Ecostruxure OPC UA Server Expert 2.01 A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server. | 5.5 |
| 2023-07-05 | CVE-2023-35786 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | 4.9 |
| 2023-06-29 | CVE-2020-26708 | XXE vulnerability in Requests-Xml Project Requests-Xml 0.2.3 requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 7.5 |
| 2023-06-29 | CVE-2020-26709 | XXE vulnerability in Py-Xml Project Py-Xml 1.0 py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 7.5 |