CWE-611: CWE-611

This vulnerability allows attackers to perform XML External Entity (XXE) injection attacks when processing CycloneDX SBOM files in XML format. It affe...

An XML External Entity (XXE) vulnerability in ebookmeta's get_metadata function allows attackers to read sensitive files from the server or cause deni...

This XXE vulnerability in LG Simple Editor allows remote attackers to read arbitrary files from the system without authentication. Attackers can explo...

This vulnerability in LG Simple Editor allows remote attackers to read sensitive files from the system without authentication by exploiting an XML Ext...

An unauthenticated attacker can exploit this XXE vulnerability in Adobe RoboHelp Server to read sensitive files from the server filesystem. This affec...

This XXE vulnerability in Ivanti Endpoint Manager's CSEP component allows attackers to read arbitrary files or perform SSRF attacks by exploiting impr...

This vulnerability in certain Lexmark devices allows XML External Entity (XXE) attacks, which can lead to information disclosure by reading files from...

CVE-2020-26709 is an XML External Entity (XXE) vulnerability in py-xml v1.0 that allows attackers to execute arbitrary code by processing a malicious ...

Shinseiyo Sogo Soft versions 7.9A and earlier contain an XML External Entity (XXE) vulnerability that allows attackers to read arbitrary files on the ...

CVE-2022-38840 is an XML External Entity (XXE) vulnerability in the xmlstatus.cgi component of Güralp MAN-EAM-0003 seismic monitoring systems. It all...

The Jenkins Crap4J Plugin 0.9 and earlier contains an XML external entity (XXE) vulnerability due to improper XML parser configuration. This allows at...

CVE-2021-33950 is an XML external entity (XXE) vulnerability in OpenKM document management system that allows attackers to extract sensitive informati...

This vulnerability allows XML External Entity (XXE) attacks in Apache NiFi's ExtractCCDAAttributes Processor. Attackers can exploit this to read arbit...

CVE-2022-2414 is an XML External Entity (XXE) vulnerability in Dogtag PKI software that allows attackers to read arbitrary files on the server by subm...

CVE-2022-31471 is an XML External Entity (XXE) vulnerability in the untangle Python library that allows attackers to read local files on systems proce...

Digiwin BPM has an XML External Entity (XXE) vulnerability that allows unauthenticated remote attackers to read arbitrary files on the server. This af...

CVE-2021-40510 is an XML External Entity (XXE) vulnerability in OBDA Systems' Mastro 1.0 that allows remote attackers to read arbitrary system files b...

This vulnerability allows remote unauthenticated attackers to conduct XML External Entity (XXE) attacks against Office Server Document Converter, pote...

CVE-2021-3869 is an XXE (XML External Entity) vulnerability in Stanford CoreNLP that allows attackers to read arbitrary files from the server filesyst...

This CVE describes an XML External Entity (XXE) injection vulnerability in PyWPS and potentially OWSLib. It allows attackers to read arbitrary files o...

This CVE describes an XML External Entity (XXE) vulnerability in certain Mule runtime components that allows attackers to read arbitrary files from th...

This is an XML External Entity (XXE) vulnerability in Kaseya VSA's web service API that allows attackers to read arbitrary files on the server and pot...

CVE-2012-1102 is an XML External Entity (XXE) vulnerability in XML::Atom Perl module versions before 0.39. It allows attackers to read protected files...

CVE-2021-25951 is an XML External Entity (XXE) vulnerability in XML2Dict version 0.2.2 that allows attackers to cause denial of service by parsing mal...

This CVE describes an XML External Entity (XXE) vulnerability in Report Portal's service-api module. It allows attackers to upload specially crafted X...

This XXE vulnerability in Elastic App Search's web crawler beta feature allows attackers to read sensitive files on the host system. Attackers can exp...

This CVE describes an XML External Entity (XXE) vulnerability in IntelliJ IDEA that allows attackers to read arbitrary files from the system. It affec...

This vulnerability in pikepdf allows XML External Entity (XXE) attacks when parsing XMP metadata in PDF files. Attackers can exploit this to read arbi...

This CVE describes an XML External Entity (XXE) vulnerability in Pelco Digital Sentry Server version 7.18.72.11464. Attackers can exploit this to read...

This CVE describes a remote code execution vulnerability in Microsoft XML Core Services (MSXML) parser that allows attackers to run arbitrary code on ...

This XXE vulnerability in tsClinical software allows attackers to read arbitrary files on the system by processing specially crafted XML files. It aff...

GoCD versions 16.7.0 through 24.4.0 contain an XML External Entity (XXE) injection vulnerability in a hidden configuration repository feature. This al...

This XXE vulnerability in Kiuwan SAST allows authenticated attackers to read arbitrary files from the server and perform internal network reconnaissan...

This XXE vulnerability in EyouCMS allows attackers to read sensitive files from the server or perform server-side request forgery by sending malicious...

This vulnerability allows XML External Entity (XXE) attacks through the WHM Locale Upload feature in cPanel. Attackers can exploit this to read arbitr...

This XXE vulnerability in Proofpoint Insider Threat Management Server allows authenticated admin users with knowledge of the XML encryption key to rea...

CVE-2021-21517 is an XML External Entity Injection (XXE) vulnerability in Dell EMC SRS Policy Manager 6.X that allows remote unauthenticated attackers...

This XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server allows attackers to read sensitive files from the server by exploiti...

IBM Db2 databases running vulnerable versions are susceptible to XML external entity injection (XXE) attacks when processing XML data. This allows rem...

Bio-Formats up to version 8.3.0 contains an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parser. This allows attackers t...

PDFPatcher versions up to 1.1.3.4663 contain an XML External Entity (XXE) vulnerability in the XML bookmark import functionality. Attackers can exploi...

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an XML external entity injection (XXE) vulnerability that allows remote a...

Jenkins JDepend Plugin 1.3.1 and earlier contains an XML external entity (XXE) vulnerability due to an outdated JDepend Maven Plugin dependency. This ...

IBM OpenPages with Watson versions 8.3 and 9.0 contain an XML external entity injection (XXE) vulnerability that allows attackers to read sensitive fi...

IBM EntireX 11.1 has an XML external entity injection vulnerability that allows authenticated attackers to read sensitive files from the server or cau...

IBM Cognos Analytics is vulnerable to XML External Entity Injection (XXE), allowing attackers to read sensitive files from the server or cause denial ...

GoCD versions before 24.5.0 contain an XML External Entity (XXE) vulnerability that allows group administrators to inject malicious XML when editing p...

This XXE vulnerability in GMS ECM URL endpoint allows attackers to process malicious XML documents that can reference external entities, potentially l...

This CVE describes an XML External Entity (XXE) vulnerability in IBM Security Access Manager Container products. Attackers can exploit this by submitt...

IBM Financial Transaction Manager for SWIFT Services 3.2.4 has an XML External Entity (XXE) vulnerability that allows attackers to read sensitive file...