Vulnerabilities (CVE)

Filtered by CWE-611
Total 1117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25020 2 Mpxj, Oracle 2 Mpxj, Primavera Unifier 2025-05-05 7.5 HIGH 9.8 CRITICAL
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
CVE-2022-40747 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-05-05 N/A 9.1 CRITICAL
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584."
CVE-2022-37911 1 Arubanetworks 2 Arubaos, Sd-wan 2025-05-02 N/A 3.8 LOW
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
CVE-2022-45194 1 Bruhn-newtech 1 Cbrn-analysis 2025-05-01 N/A 3.8 LOW
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure.
CVE-2022-45386 1 Jenkins 1 Violations 2025-04-30 N/A 5.5 MEDIUM
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45395 1 Jenkins 1 Cccc 2025-04-30 N/A 9.8 CRITICAL
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45400 1 Jenkins 1 Japex 2025-04-30 N/A 9.8 CRITICAL
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45397 1 Jenkins 1 Osf Builder Suite \ 2025-04-30 N/A 9.8 CRITICAL
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45396 1 Jenkins 1 Sourcemonitor 2025-04-30 N/A 9.8 CRITICAL
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-43689 1 Concretecms 1 Concrete Cms 2025-04-30 N/A 5.3 MEDIUM
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.
CVE-2022-3980 1 Sophos 1 Mobile 2025-04-29 N/A 9.8 CRITICAL
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
CVE-2025-2070 2025-04-29 N/A 5.0 MEDIUM
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user.
CVE-2022-40771 1 Zohocorp 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more 2025-04-28 N/A 4.9 MEDIUM
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
CVE-2022-46682 1 Jenkins 1 Plot 2025-04-23 N/A 9.8 CRITICAL
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-45326 1 Kwoksys 1 Information Server 2025-04-23 N/A 4.9 MEDIUM
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.
CVE-2016-8974 1 Ibm 1 Rational Rhapsody Design Manager 2025-04-20 7.5 HIGH 8.1 HIGH
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798.
CVE-2017-7457 1 Moxa 1 Mx-aopc Server 2025-04-20 1.9 LOW 5.0 MEDIUM
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
CVE-2016-2908 1 Ibm 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more 2025-04-20 6.4 MEDIUM 9.1 CRITICAL
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
CVE-2017-9295 1 Hitachi 1 Device Manager 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
CVE-2016-8980 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2025-04-20 7.5 HIGH 8.1 HIGH
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.