CWE-611: CWE-611
All CWE-611 CVEs (239)
Langroid applications using the XMLToolMessage class with untrusted XML input are vulnerable to XML External Entity (XXE) attacks. This allows attacke...
May 5, 2025

This CVE describes an XML External Entity (XXE) vulnerability in multiple WSO2 products due to improper XML parser configuration. It allows remote una...
May 5, 2025

This vulnerability in libxml2 allows attackers to bypass custom SAX handler protections against external entity processing, enabling classic XML Exter...
Dec 23, 2024

This XXE vulnerability in ebookmeta's lxml library allows attackers to read sensitive files from the server or cause denial of service by processing m...
Jun 7, 2024

This vulnerability in WS-Inc J WBEM Server allows attackers to exploit XML entity resolution in the CIM-XML protocol adapter to read arbitrary files o...
Aug 3, 2023

CVE-2023-24470 is an XML External Entity (XXE) injection vulnerability in ArcSight Logger versions before 7.3.0. This allows attackers to read arbitra...
Jun 13, 2023

This CVE describes an XML External Entity (XXE) vulnerability in WSO2 API Manager and Identity Server management consoles. Attackers can exploit it vi...
May 11, 2022

This CVE describes an XML External Entity (XXE) vulnerability in the National Library of the Netherlands digger software. Attackers can exploit this b...
Dec 8, 2021

CVE-2020-26705 is an XML External Entity (XXE) vulnerability in Easy-XML 0.5.0's parseXML function that allows attackers to read sensitive files from ...
Oct 31, 2021

This XXE vulnerability in MODX CMS 2.7.3 allows attackers to read arbitrary files from the server or cause denial of service by sending specially craf...
Oct 31, 2021

This XXE vulnerability in Any23 allows attackers to read arbitrary files from the server filesystem and potentially access internal systems. It affect...
Sep 11, 2021

CVE-2021-34823 is a critical vulnerability in ON24 ScreenShare for macOS that allows unauthenticated remote attackers to read local files and upload t...
Aug 13, 2021

This XXE vulnerability in HCL Commerce Management Center allows attackers to read arbitrary files from the server or perform server-side request forge...
Aug 13, 2021

CVE-2021-37425 is an XML External Entity (XXE) vulnerability in Altova MobileTogether Server that allows attackers to read sensitive files, including ...
Aug 10, 2021

This XXE vulnerability in IBM QRadar SIEM allows remote attackers to read sensitive files from the server or cause denial of service through memory ex...
Jul 27, 2021

IBM Financial Transaction Manager 3.2.4 contains an XML External Entity (XXE) vulnerability that allows remote attackers to read arbitrary files on th...
Jun 11, 2021

CVE-2021-27931 is an unauthenticated blind XML External Entity (XXE) vulnerability in LumisXP (Lumis Experience Platform) that allows attackers to rea...
Mar 3, 2021

This XXE vulnerability in Apache Nutch's DmozParser allows attackers to read arbitrary files from the server filesystem and potentially perform server...
Jan 25, 2021

This vulnerability allows authenticated attackers to perform XML External Entity (XXE) attacks against Loftware Spectrum print management software. At...
Sep 10, 2024

This vulnerability in PHPSpreadsheet allows attackers to bypass XML filtering and perform XML External Entity (XXE) attacks. Attackers can read local ...
Aug 28, 2024

This XXE vulnerability in Terminalfour allows authenticated users to submit malicious XML through unspecified features, potentially leading to server ...
Aug 15, 2024

This vulnerability allows attackers to perform XML External Entity (XXE) attacks through Apache Drill's XML Format Plugin. By uploading a malicious XM...
Jul 24, 2024

This vulnerability in Azure HDInsight's Apache Oozie workflow scheduler allows attackers to perform XML External Entity (XXE) attacks, potentially lea...
Oct 10, 2023

This vulnerability in Jenkins Job Configuration History Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting improper XM...
Sep 6, 2023

Mojoportal v2.7 contains an authenticated XML external entity (XXE) injection vulnerability that allows authenticated attackers to read arbitrary file...
Feb 9, 2023

CVE-2022-30971 is an XML external entity (XXE) vulnerability in the Jenkins Storable Configs Plugin, allowing attackers to read arbitrary files from t...
May 17, 2022

CVE-2022-21949 is an XXE (XML External Entity) vulnerability in SUSE Open Build Service that allows attackers to read arbitrary files from the server ...
May 3, 2022

This vulnerability in Jenkins Chef Sinatra Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting improper XML parser conf...
Feb 15, 2022

This CVE describes an XML External Entity (XXE) vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Attackers can ...
May 15, 2025

This CVE describes an XML External Entity (XXE) vulnerability in the HL7 FHIR IG Publisher tool versions before 1.7.4. Attackers can exploit this by s...
Jan 24, 2025

This CVE describes an XML External Entity (XXE) vulnerability in HAPI FHIR's XSLT parsing components. Attackers can submit malicious XML files contain...
Nov 8, 2024

CVE-2024-24743 is an XML external entity (XXE) vulnerability in SAP NetWeaver AS Java's Guided Procedures component. Unauthenticated attackers can sub...
Feb 13, 2024

This vulnerability in JetBrains Ktor's ContentNegotiation feature with XML format allows attackers to perform XML External Entity (XXE) attacks, poten...
Oct 9, 2023

This vulnerability allows unauthenticated attackers with network access to execute XML External Entity (XXE) attacks against TIBCO Managed File Transf...
May 10, 2022

This vulnerability allows authenticated attackers to perform XML External Entity (XXE) attacks through the Management option in ManageEngine SharePoin...
Nov 8, 2024

This critical XXE vulnerability in Apache Tika allows attackers to perform XML External Entity injection via crafted XFA files within PDF documents. I...
Dec 4, 2025

This CVE describes an XML External Entity (XXE) vulnerability in SimpleSAMLphp SAML2 library that allows attackers to read arbitrary files from the se...
Dec 2, 2024

This XXE vulnerability in Ivanti's SAML implementation allows attackers to access restricted resources without authentication by processing malicious ...
Feb 13, 2024

CVE-2023-6721 is an XML External Entity (XXE) vulnerability in Repox's file upload function that allows remote attackers to read arbitrary files from ...
Dec 13, 2023

This XXE vulnerability in Adobe ColdFusion allows attackers to read arbitrary files from the server filesystem without authentication. All ColdFusion ...
Dec 10, 2025

This XXE vulnerability in Lexmark printer drivers allows attackers to read sensitive files from Windows systems and exfiltrate them to arbitrary URLs....
Aug 19, 2025

IBM Cognos Controller and IBM Controller are vulnerable to XML External Entity Injection (XXE) attacks when processing XML data. This allows remote at...
Feb 19, 2025

An unauthenticated attacker can exploit an XML External Entity (XXE) vulnerability in Ivanti EPM's provisioning web service to read sensitive files, i...
Sep 12, 2024

IBM Maximo Application Suite 7.6.1.3 contains an XML External Entity (XXE) vulnerability that allows attackers to read sensitive files from the server...
Mar 14, 2024

An unauthenticated XML external entity injection (XXE) vulnerability in Lenovo XClarity Administrator's CIM server allows attackers to read specific f...
Jun 26, 2023

The Jenkins Performance Publisher Plugin 8.09 and earlier contains an XML external entity (XXE) vulnerability due to improper XML parser configuration...
Apr 2, 2023

IBM Cognos Controller versions 10.4.0 through 10.4.2 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read sensitive...
Jan 21, 2022

This XXE vulnerability in Dell EMC Avamar Server and IDPA allows remote unauthenticated attackers to cause denial of service or information disclosure...
Jul 16, 2021

CVE-2020-4300 is an XML External Entity (XXE) vulnerability in IBM Cognos Analytics that allows remote attackers to read arbitrary files from the serv...
Jun 1, 2021

This CVE describes an XML External Entity (XXE) vulnerability in Aruba ClearPass Policy Manager that allows remote attackers to read arbitrary files o...
Apr 29, 2021

About CWE-611 (CWE-611)
Our database tracks 239 CVEs classified as CWE-611, with 68 rated critical and 135 rated high severity. The average CVSS score for CWE-611 vulnerabilities is 7.9.
External reference: View CWE-611 on MITRE CWE →