CWE-611
All CWE-611 CVEs (241)
Apr 21, 2021: This CVE describes an XML External Entity (XXE) injection vulnerability in IBM WebSphere Application Server, allowing remote attackers to read sensiti...
Apr 20, 2021: This XXE vulnerability in IBM WebSphere Application Server allows remote attackers to read arbitrary files from the server filesystem or cause denial ...
Aug 3, 2023: This vulnerability allows authenticated attackers with specific permissions to perform XML External Entity (XXE) attacks against Unica applications by...
Mar 29, 2022: This vulnerability in Jenkins Coverage/Complexity Scatter Plot Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting impr...
Mar 29, 2022: The Jenkins Flaky Test Handler Plugin 1.2.1 and earlier contains an XML external entity (XXE) vulnerability due to improper XML parser configuration. ...
Sep 21, 2021: This CVE describes an XML External Entity (XXE) vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI. Attackers can exp...
May 5, 2021: IBM QRadar SIEM versions 7.3 and 7.4 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read sensitive files from the ...
Apr 29, 2021: This CVE describes an XML External Entity (XXE) vulnerability in Aruba AirWave Management Platform that allows remote attackers to read arbitrary file...
Apr 28, 2021: An XML External Entities (XXE) vulnerability in the Media Server component of Avaya Equinox Conferencing allows authenticated remote attackers to read...
Apr 28, 2021: This CVE describes an XML External Entity (XXE) vulnerability in Aruba AirWave Management Platform that allows remote attackers to read arbitrary file...
Apr 23, 2021: This XML External Entity (XXE) vulnerability in Avaya Callback Assist allows authenticated remote attackers to read files on the affected system by pr...
Apr 21, 2021: This vulnerability in Jenkins Config File Provider Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting improper XML par...
Oct 16, 2024: This vulnerability allows attackers to perform XML External Entity (XXE) attacks through DTD injection in OpenText Application Automation Tools. Attac...
Oct 16, 2024: This vulnerability allows attackers to perform XML External Entity (XXE) attacks through DTD injection in OpenText Application Automation Tools. Attac...
Feb 20, 2024: This XXE vulnerability in Liferay Portal and DXP allows authenticated attackers with deployment permissions to read sensitive files or cause denial of...
Jan 28, 2026: This XXE vulnerability in Crowd Data Center and Server allows authenticated attackers to read local files and potentially access remote content via XM...
Jan 17, 2025: This XXE vulnerability in Schneider Electric's Web Designer configuration tool allows attackers to read sensitive files or potentially execute remote ...
May 28, 2024: This XML External Entity (XXE) injection vulnerability in OpenText iManager 3.2.6.0200 allows attackers to execute remote code by submitting malicious...
May 15, 2024: This CVE describes an XML External Entity (XXE) injection vulnerability in OpenText iManager 3.2.6.0200. Attackers can exploit this vulnerability to r...
Feb 14, 2023: This XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code by uploading a specially crafted XML file to the /ureport/designer...
Feb 3, 2023: This XXE vulnerability in Talend Remote Engine Gen 2 allows authenticated users with pipeline editing rights to potentially read sensitive files from ...
Jul 29, 2022: This vulnerability in Autodesk Fusion 360 allows attackers to force victims' devices to make arbitrary HTTP requests through malicious SVG files. Atta...
Feb 11, 2022: This vulnerability in Magnolia CMS allows attackers to perform XML External Entity (XXE) attacks by uploading a malicious XLF file through the Export ...
Feb 9, 2022: This vulnerability in Intel Quartus Prime Pro Edition allows authenticated local users to exploit improper XML external entity (XXE) restrictions, pot...
Apr 3, 2025: This vulnerability allows authenticated XWiki users to exploit the JIRA macro to read arbitrary local files on the XWiki server via XML External Entit...
Mar 14, 2024: Pega Platform versions 6.x through 8.8.4 contain an XML External Entity (XXE) vulnerability in PDF generation functionality. This allows attackers to ...
Jun 1, 2023: This vulnerability allows unauthenticated attackers to send specially-crafted XML messages to Splunk's SAML authentication parser, causing a denial of...
Dec 1, 2021: CVE-2021-42776 is an XML External Entity (XXE) vulnerability in CloverDX Server that allows attackers to read arbitrary files on the server during con...
Jan 6, 2026: This XXE vulnerability in Dell Unisphere for PowerMax allows low-privileged remote attackers to access unauthorized data and resources by exploiting i...
Jan 17, 2026: The Demo Importer Plus WordPress plugin contains an XML External Entity Injection vulnerability in SVG file upload functionality. Authenticated attack...
Dec 3, 2025: This XML external entity (XXE) injection vulnerability in eyoucms v1.7.1 allows remote attackers to cause denial of service by sending specially craft...
Nov 12, 2025: N-central versions before 2025.4 are vulnerable to XML External Entity (XXE) injection attacks, allowing attackers to read arbitrary files from the se...
Nov 10, 2025: The CycloneDX core Java library's XML validator is vulnerable to XML External Entity (XXE) injection due to insecure configuration. This allows attack...
Nov 6, 2025: This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in MetInfo CMS that can be triggered via XML External Entity (XXE) injection. At...
Aug 8, 2025: Xerox FreeFlow Core version 8.0.4 has an XML External Entity (XXE) vulnerability that allows Server-Side Request Forgery (SSRF). Attackers can inject ...
Jun 10, 2025: Keyoti SearchUnit versions before 9.0.0 are vulnerable to XML External Entity (XXE) attacks. This allows attackers who can submit malicious XML/DTD fi...
Apr 15, 2025: TEIGarage's Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability that allows attackers to read arbitrary ...
Jan 21, 2025: An XML External Entity (XXE) vulnerability in Apache Ambari/Oozie allows attackers to inject malicious XML entities due to insecure parsing with Docum...
Jan 7, 2025: An XML External Entity (XXE) vulnerability in Elspec G5 digital fault recorder versions 1.2.1.12 and earlier allows attackers to cause Denial of Servi...
Jan 7, 2025: An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder firmware allows attackers to cause Denial of Service (DoS) ...
Nov 22, 2024: CVE-2023-24466 is an XML External Entity (XXE) injection vulnerability in OpenText iManager's GET parameter processing. Attackers can exploit this to ...
Nov 18, 2024: This vulnerability allows attackers to bypass XML external entity (XXE) protection in PhpSpreadsheet by using UTF-7 encoding tricks. Attackers can rea...
Nov 18, 2024: This vulnerability allows attackers to bypass XML external entity (XXE) protection in PhpSpreadsheet by exploiting UCS-4 encoding and encoding guessin...
Oct 7, 2024: This vulnerability in PHPSpreadsheet allows attackers to bypass XML security scanning by using whitespace manipulation in XLSX files, enabling XXE att...
Sep 23, 2024: DataEase versions before 2.10.1 contain an XML external entity injection (XXE) vulnerability in the static resource upload interface. This allows atta...
Aug 8, 2024: This XXE vulnerability in soap_cgi.pyc allows unauthenticated attackers to read local files, perform SSRF attacks, and potentially cause denial of ser...
Jun 28, 2024: This vulnerability allows attackers to perform XML External Entity (XXE) injection attacks when processing CycloneDX SBOM files in XML format. It affe...
Jun 7, 2024: An XML External Entity (XXE) vulnerability in ebookmeta's get_metadata function allows attackers to read sensitive files from the server or cause deni...
May 3, 2024: This XXE vulnerability in LG Simple Editor allows remote attackers to read arbitrary files from the system without authentication. Attackers can explo...
May 3, 2024: This vulnerability in LG Simple Editor allows remote attackers to read sensitive files from the system without authentication by exploiting an XML Ext...
About CWE-611
Our database tracks 241 CVEs classified as CWE-611, with 68 rated critical and 137 rated high severity. The average CVSS score for CWE-611 vulnerabilities is 7.9.