Total: 1117 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25020 | 2 Mpxj, Oracle | 2 Mpxj, Primavera Unifier | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. | |||||
CVE-2022-40747 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-05 | N/A | 9.1 CRITICAL |
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584. | |||||
CVE-2022-37911 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | N/A | 3.8 LOW |
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. | |||||
CVE-2022-45194 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2025-05-01 | N/A | 3.8 LOW |
CBRN-Analysis before 22 allows XXE attacks via an mws XML document, leading to NTLMv2-SSP hash disclosure. | |||||
CVE-2022-45386 | 1 Jenkins | 1 Violations | 2025-04-30 | N/A | 5.5 MEDIUM |
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2025-04-30 | N/A | 9.8 CRITICAL |
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45400 | 1 Jenkins | 1 Japex | 2025-04-30 | N/A | 9.8 CRITICAL |
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45397 | 1 Jenkins | 1 Osf Builder Suite \ | 2025-04-30 | N/A | 9.8 CRITICAL |
Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45396 | 1 Jenkins | 1 Sourcemonitor | 2025-04-30 | N/A | 9.8 CRITICAL |
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-43689 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 5.3 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. | |||||
CVE-2022-3980 | 1 Sophos | 1 Mobile | 2025-04-29 | N/A | 9.8 CRITICAL |
An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | |||||
CVE-2025-2070 | | | 2025-04-29 | N/A | 5.0 MEDIUM |
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted URL is visited by a local user. | |||||
CVE-2022-40771 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-04-28 | N/A | 4.9 MEDIUM |
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | |||||
CVE-2022-46682 | 1 Jenkins | 1 Plot | 2025-04-23 | N/A | 9.8 CRITICAL |
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45326 | 1 Kwoksys | 1 Information Server | 2025-04-23 | N/A | 4.9 MEDIUM |
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. | |||||
CVE-2016-8974 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | 7.5 HIGH | 8.1 HIGH |
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. | |||||
CVE-2017-7457 | 1 Moxa | 1 Mx-aopc Server | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | |||||
CVE-2016-2908 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. | |||||
CVE-2017-9295 | 1 Hitachi | 1 Device Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | |||||
CVE-2016-8980 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | 7.5 HIGH | 8.1 HIGH |
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. |