Vulnerabilities (CVE)

Filtered by CWE-611
Total 1121 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28152 1 Independentsoft 1 Jword 2025-05-30 N/A 5.3 MEDIUM
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2023-28151 1 Independentsoft 1 Jspreadsheet 2025-05-30 N/A 5.3 MEDIUM
An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2023-28150 1 Independentsoft 1 Jodf 2025-05-30 N/A 5.3 MEDIUM
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2022-41226 1 Jenkins 1 Compuware Common Configuration 2025-05-28 N/A 9.8 CRITICAL
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-41241 1 Jenkins 1 Rqm 2025-05-28 N/A 9.1 CRITICAL
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2025-4338 2025-05-23 N/A 6.8 MEDIUM
Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device Installer software or the password hash of the user running the application.
CVE-2022-34348 1 Ibm 1 Sterling Partner Engagement Manager 2025-05-22 N/A 7.1 HIGH
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.
CVE-2019-0948 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-05-20 4.3 MEDIUM 4.7 MEDIUM
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file. The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
CVE-2025-4639 2025-05-16 N/A N/A
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.
CVE-2025-47778 2025-05-16 N/A N/A
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually.
CVE-2025-27523 2025-05-16 N/A 8.7 HIGH
XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.
CVE-2025-4641 2025-05-16 N/A N/A
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.
CVE-2025-22478 1 Dell 1 Storage Manager 2025-05-13 N/A 8.1 HIGH
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
CVE-2025-30018 2025-05-13 N/A 8.6 HIGH
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.
CVE-2024-51445 2025-05-13 N/A 6.5 MEDIUM
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from the application server.
CVE-2025-34490 1 Gfi 1 Mailessentials 2025-05-10 N/A 6.5 MEDIUM
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.
CVE-2024-22024 1 Ivanti 3 Connect Secure, Policy Secure, Zero Trust Access 2025-05-09 N/A 8.3 HIGH
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
CVE-2022-43415 1 Jenkins 1 Repo 2025-05-09 N/A 7.5 HIGH
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-43430 1 Jenkins 1 Compuware Topaz For Total Test 2025-05-08 N/A 7.5 HIGH
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-31678 1 Vmware 2 Cloud Foundation, Nsx Data Center 2025-05-08 N/A 9.1 CRITICAL
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.