CWE-611: CWE-611

This CVE describes an XML External Entity (XXE) vulnerability in IBM Tivoli Workload Scheduler that allows remote attackers to read arbitrary files on...

This XXE vulnerability in GeoServer's GeoTools Schema class allows attackers to read arbitrary files from the server or perform server-side request fo...

IBM Aspera Faspex 4.4.2 contains an XML external entity injection (XXE) vulnerability that allows authenticated remote attackers to read arbitrary fil...

An XML External Entity (XXE) vulnerability in opensagres XDocReport versions 0.9.2 through 2.0.3 allows attackers to execute arbitrary code by uploadi...

This vulnerability allows remote attackers to execute arbitrary code on Lucee Server by exploiting an XML External Entity (XXE) vulnerability in the R...

An XML External Entity (XXE) injection vulnerability in Chat2DB's /datagrip/upload endpoint allows attackers to read arbitrary files, perform server-s...

CVE-2024-46455 is an XML External Entity (XXE) vulnerability in unstructured's XMLParser that allows attackers to read arbitrary files, perform server...

This XXE vulnerability in dompdf's SVG parser allows attackers to perform Server-Side Request Forgery (SSRF), access internal files, and execute PHAR ...

An XML External Entity (XXE) vulnerability in HAPI FHIR before version 6.4.0 allows attackers to read sensitive files from the server or execute arbit...

This XXE vulnerability in Dmoz2CSV allows attackers to read sensitive files from the server or execute arbitrary code by processing a malicious XML fi...

This critical XXE vulnerability in Adobe Commerce allows unauthenticated attackers to execute arbitrary code by sending malicious XML documents. It af...

This critical vulnerability in Oracle BI Publisher allows unauthenticated attackers with network access via HTTP to completely compromise the system. ...

A critical vulnerability in NetScout nGeniusOne version 6.3.4 allows remote attackers to execute arbitrary code and cause denial of service by uploadi...

This critical vulnerability allows unauthenticated attackers to exploit an XML External Entity (XXE) vulnerability in the Smart Device Server, potenti...

This CVE describes an XXE (XML External Entity) vulnerability in Apache Cocoon that allows attackers to read arbitrary files from the server or perfor...

The Jenkins MATLAB Plugin 2.11.0 and earlier contains an XML External Entity (XXE) vulnerability due to improper XML parser configuration. This allows...

This vulnerability in openCRX v5.2.2 allows remote attackers to read internal files and perform server-side request forgery (SSRF) attacks due to inse...

This CVE describes an XML External Entity (XXE) vulnerability in Python's plistlib module through version 3.9.1. Attackers can exploit this by craftin...

This CVE-2023-20918 is an Android elevation of privilege vulnerability in the ActivityOptions framework. It allows malicious apps to execute arbitrary...

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code by uploading a crafted XML file to the /urule/co...

CVE-2015-8031 is an XML External Entity (XXE) vulnerability in Hudson CI/CD server that allows attackers to read arbitrary files from the server files...

Apache CloudStack versions 4.5.0 and later contain an XML external entity (XXE) injection vulnerability in the SAML 2.0 authentication plugin. This vu...

This vulnerability allows attackers to perform XML External Entity (XXE) attacks on ASG-Zena Cross Platform Server Enterprise Edition 4.2.1. Attackers...

This XML External Entity (XXE) vulnerability in Drools allows attackers to read arbitrary files from the server filesystem or perform server-side requ...

CVE-2021-45981 is an XML External Entity (XXE) vulnerability in NetScout nGeniusONE 6.3.2 that allows attackers to read arbitrary files from the serve...

This vulnerability in Apache Jena's RDF/XML parser allows attackers to force the parser to retrieve external DTDs, potentially leading to XML External...

This XXE vulnerability in detekt allows attackers to read arbitrary files from the server filesystem or perform server-side request forgery by process...

CVE-2022-28219 is an unauthenticated XML External Entity (XXE) vulnerability in Cewolf within Zoho ManageEngine ADAudit Plus that allows remote attack...

This CVE describes an XML External Entity (XXE) vulnerability in wuta jox 1.16 that allows attackers to read arbitrary files from the server filesyste...

CVE-2021-43090 is an XML External Entity (XXE) vulnerability in soa-model's WSDLParser function that allows attackers to read arbitrary files, conduct...

This vulnerability allows attackers to perform XML External Entity (XXE) attacks through Liquibase, potentially leading to sensitive data disclosure, ...

This XXE vulnerability in Hazelcast 5.1-BETA-1 allows attackers to read arbitrary files from the server filesystem or perform server-side request forg...

This vulnerability allows XML External Entity (XXE) attacks during configuration file parsing in JetBrains TeamCity. Attackers can read arbitrary file...

This vulnerability in Signiant Manager+Agents allows attackers to perform XML External Entity (XXE) attacks by submitting malicious XML input. This co...

CVE-2022-0239 is an XXE (XML External Entity) vulnerability in Stanford CoreNLP that allows attackers to read arbitrary files from the server filesyst...

CVE-2021-3878 is an XML External Entity (XXE) vulnerability in Stanford CoreNLP that allows attackers to read arbitrary files from the server filesyst...

This vulnerability allows attackers to perform blind XML External Entity (XXE) attacks against Zoho ManageEngine ADManager Plus. Attackers can exploit...

CVE-2020-18703 is an XML External Entity (XXE) vulnerability in Quokka CMS v0.4.0 that allows remote attackers to read arbitrary files, perform server...

This CVE describes an XML External Entity (XXE) vulnerability in Quokka CMS v0.4.0 that allows remote attackers to execute arbitrary code by exploitin...

This CVE describes an XML External Entity (XXE) vulnerability in ConnectWise Automate that allows attackers to read arbitrary files from the server fi...

CVE-2021-1628 is an XML External Entity (XXE) vulnerability in Mule runtime that allows attackers to read arbitrary files from the server or perform s...

CVE-2021-26703 is a critical vulnerability in EPrints 3.4.2 that allows remote attackers to read arbitrary files and potentially execute commands via ...

CVE-2021-23899 is a vulnerability in OWASP json-sanitizer versions before 1.2.2 where the sanitizer fails to properly escape closing SCRIPT tags and C...

CVE-2020-35604 is an XML External Entity (XXE) vulnerability in Kronos WebTA 5.0.4 when SAML authentication is configured. This allows attackers to re...

This XXE vulnerability in Adobe ColdFusion allows attackers to bypass security restrictions and access sensitive data or cause denial of service by ex...

SysAid On-Prem versions up to 23.3.40 contain an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality. This...

SysAid On-Prem versions up to 23.3.40 contain an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality. This al...

This XXE vulnerability in DataSpider Servista allows attackers to read arbitrary files from the server's file system or cause denial-of-service by sen...

CVE-2025-10183 is a blind XML External Entity (XXE) injection vulnerability in TecCom TecConnect 4.1's OpenMessaging webservice that allows unauthenti...

Langroid applications using the XMLToolMessage class with untrusted XML input are vulnerable to XML External Entity (XXE) attacks. This allows attacke...