CWE-611

Total CVEs: 249
Critical: 72
High: 141
Avg CVSS: 7.9
In CISA KEV: 1

Yearly Trend

2026: 11
2025: 54
2024: 51
2023: 39
2022: 32

Top Affected Vendors

1. IBM: 28
2. Apache: 11
3. Jenkins: 11
4. Adobe: 7
5. Dell: 6
6. Micro Focus: 6
7. NetApp: 5
8. Oracle: 4
9. Ivanti: 4
10. PHPOffice: 4

All CWE-611 CVEs (249)

CVE-2024-29010
7.1

This XXE vulnerability in GMS ECM URL endpoint allows attackers to process malicious XML documents that can reference external entities, potentially l...

May 1, 2024
CVE-2023-32327
7.1

This CVE describes an XML External Entity (XXE) vulnerability in IBM Security Access Manager Container products. Attackers can exploit this by submitt...

Feb 3, 2024
CVE-2023-35892
7.1

IBM Financial Transaction Manager for SWIFT Services 3.2.4 has an XML External Entity (XXE) vulnerability that allows attackers to read sensitive file...

Sep 5, 2023
CVE-2022-41221
7.1

This XXE vulnerability in OpenText Archive Center Administration allows authenticated users to upload malicious XML files that can lead to data exfilt...

May 24, 2023
CVE-2023-28008
7.1

HCL Workload Automation versions 9.4, 9.5, and 10.1 contain an XML External Entity (XXE) vulnerability that allows remote attackers to read sensitive ...

Apr 26, 2023
CVE-2023-27876
7.1

IBM TRIRIGA 4.0 has an XML external entity injection (XXE) vulnerability that allows attackers to read sensitive files from the server or cause denial...

Apr 7, 2023
CVE-2022-36969
7.1

This XXE vulnerability in AVEVA Edge 2020 allows attackers to read sensitive files from the system when users open malicious documents. Attackers can ...

Mar 29, 2023
CVE-2022-22977
7.1

This CVE describes an XML External Entity (XXE) vulnerability in VMware Tools for Windows that allows a malicious actor with non-administrative local ...

May 24, 2022
CVE-2019-4730
7.1

IBM Cognos Analytics 11.0 and 11.1 contains an XML External Entity (XXE) vulnerability that allows remote attackers to read arbitrary files from the s...

Jun 1, 2021
CVE-2021-29447
7.1

WordPress users with file upload permissions (like Authors) can exploit an XML parsing vulnerability in the Media Library to perform XXE attacks when ...

Apr 15, 2021
CVE-2021-20502
7.1

This XXE vulnerability in IBM Jazz Foundation Products allows attackers to read sensitive files from the server or cause denial of service through mem...

Mar 30, 2021
CVE-2021-20482
7.1

This XXE vulnerability in IBM Cloud Pak for Automation allows attackers to read sensitive files from the server or cause denial of service by consumin...

Mar 30, 2021
CVE-2024-22354
7.0

This XML External Entity Injection (XXE) vulnerability in IBM WebSphere Application Server allows attackers to process malicious XML data, potentially...

Apr 17, 2024
CVE-2025-61821
6.8

This XXE vulnerability in ColdFusion allows attackers to read arbitrary files from the server's filesystem without user interaction. It affects ColdFu...

Dec 10, 2025
CVE-2025-25036
6.8

This CVE describes an XML External Entity (XXE) vulnerability in Jalios JPlatform that allows attackers to read arbitrary files from the server, poten...

Mar 21, 2025
CVE-2025-10713
6.5

An XML External Entity (XXE) vulnerability in multiple WSO2 products allows attackers to read sensitive server files or cause denial-of-service. The v...

Nov 5, 2025
CVE-2025-46425
6.5

This XXE vulnerability in Dell Storage Manager allows attackers to read arbitrary files on the server or potentially cause denial of service. It affec...

Oct 24, 2025
CVE-2024-5625
6.5

This XXE vulnerability in PruvaSoft Informatics Apinizer Management Console allows attackers to read arbitrary files from the server or cause denial o...

Jul 18, 2024
CVE-2024-4357
6.5

This CVE describes an XML External Entity (XXE) vulnerability in Progress Telerik Report Server that allows low-privilege authenticated attackers to r...

May 15, 2024
CVE-2023-51605
6.5

This XXE vulnerability in Honeywell Saia PG5 Controls Suite allows attackers to read sensitive files from the system when users open malicious XML fil...

May 3, 2024
CVE-2023-51601
6.5

This XXE vulnerability in Honeywell Saia PG5 Controls Suite allows attackers to disclose sensitive information by tricking users into opening maliciou...

May 3, 2024
CVE-2024-3930
6.3

This CVE describes an XML External Entity (XXE) vulnerability in Akana API Platform versions before 2024.1.0. Attackers can exploit this flaw to read ...

Jul 30, 2024
CVE-2025-61823
6.2

This XXE vulnerability in Adobe ColdFusion allows high-privileged attackers to read arbitrary files from the server filesystem when they can submit ma...

Dec 10, 2025
CVE-2025-57704
5.5

Delta Electronics EIP Builder version 1.11 contains an XML External Entity (XXE) vulnerability that allows attackers to read arbitrary files from the ...

Aug 26, 2025
CVE-2025-26484
5.5

Dell CloudLink versions 8.0 through 8.1.1 contain an XML External Entity (XXE) vulnerability that allows high-privileged attackers with remote access ...

Aug 14, 2025
CVE-2025-40584
5.5

This CVE describes an XML External Entity (XXE) injection vulnerability in multiple Siemens SIMOTION and SINAMICS engineering software versions. Attac...

Aug 12, 2025
CVE-2024-12298
5.5

This vulnerability in NB-series NX-Designer allows attackers to exploit XML External Entity (XXE) processing to read arbitrary files from the system. ...

Jan 14, 2025
CVE-2024-49704
5.5

This XXE vulnerability in Siemens COMOS software allows attackers to read arbitrary files from affected systems by tricking users into opening malicio...

Dec 10, 2024
CVE-2024-20531
5.5

This vulnerability in Cisco ISE allows authenticated attackers with Super Admin credentials to read arbitrary files on the underlying OS and conduct S...

Nov 6, 2024
CVE-2024-45072
5.5

IBM WebSphere Application Server 8.5 and 9.0 contains an XML External Entity (XXE) vulnerability that allows privileged users to read arbitrary files ...

Oct 16, 2024
CVE-2019-1187
5.5

This is a denial of service vulnerability in Microsoft's XmlLite runtime library that improperly parses XML input. An attacker can crash XML applicati...

Aug 14, 2019
CVE-2024-47582
5.3

This CVE describes an XML Entity Expansion (XXE) vulnerability in SAP software where unauthenticated attackers can send malicious XML input to an endp...

Dec 10, 2024
CVE-2023-28150
5.3

This vulnerability allows attackers to perform XML External Entity (XXE) injection attacks by uploading malicious DOCX files containing remote DTD ref...

Mar 24, 2023
CVE-2023-28151
5.3

This vulnerability in Independentsoft JSpreadsheet allows attackers to perform XML External Entity (XXE) injection by uploading a malicious DOCX file ...

Mar 24, 2023
CVE-2024-58335
5.0

OpenXRechnungToolbox contains an XML External Entity (XXE) vulnerability in its visualization component that allows attackers to read arbitrary files ...

Dec 24, 2025
CVE-2025-66370
5.0

Kivitendo ERP software versions before 3.9.2 contain an XML External Entity (XXE) injection vulnerability in the ZUGFeRD electronic invoice upload fun...

Nov 28, 2025
CVE-2025-66371
5.0

CVE-2025-66371 is an XML External Entity (XXE) vulnerability in peppol-py versions before 1.1.1. It allows attackers to read arbitrary files from the ...

Nov 28, 2025
CVE-2024-45745
5.0

This vulnerability allows authenticated attackers in TopQuadrant TopBraid EDG to upload XML DTD files containing malicious JavaScript, enabling them t...

Sep 27, 2024
CVE-2026-23795
4.9

This CVE describes an XXE vulnerability in Apache Syncope Console that allows administrators with Keymaster parameter privileges to inject malicious X...

Feb 3, 2026
CVE-2026-20029
4.9

An XML External Entity (XXE) vulnerability in Cisco ISE and ISE-PIC allows authenticated administrators to read arbitrary files on the underlying oper...

Jan 7, 2026
CVE-2025-68463
4.9

This vulnerability in Biopython's Bio.Entrez module allows XML External Entity (XXE) attacks through improper restriction of XML doctype declarations....

Dec 18, 2025
CVE-2025-24910
4.9

This vulnerability allows attackers to perform XML External Entity (XXE) attacks against Hitachi Vantara Pentaho Business Analytics Server. By submitt...

Apr 16, 2025
CVE-2025-24521
4.9

This CVE describes an XML External Entity (XXE) injection vulnerability that allows attackers to read arbitrary files from affected systems. It affect...

Mar 5, 2025
CVE-2025-49539
4.5

This XXE vulnerability in Adobe ColdFusion allows high-privileged attackers to bypass security restrictions and access sensitive information without u...

Jul 8, 2025
CVE-2025-36603
4.2

This vulnerability in Dell AppSync 4.6.0.0 allows a low-privileged attacker with local access to exploit an XML External Entity (XXE) flaw, potentiall...

Jul 21, 2025
CVE-2025-35112
4.1

Agiloft Release 28 contains an XML External Entities (XXE) vulnerability in import/export functionality that allows authenticated attackers to perform...

Aug 26, 2025
CVE-2025-66372
2.8

CVE-2025-66372 is an XML External Entity (XXE) vulnerability in Mustang library versions before 2.16.3 that allows attackers to exfiltrate files from ...

Nov 28, 2025
CVE-2026-23739
2.0

This CVE describes an XML External Entity (XXE) vulnerability in Asterisk's XML parsing function. It allows attackers to read sensitive files from the...

Feb 6, 2026
CVE-2026-1227
N/A

This XXE vulnerability in Schneider Electric's EBO system allows attackers to read local files, interact with internal systems, or cause denial of ser...

Feb 11, 2026

About CWE-611

Our database tracks 249 CVEs classified as CWE-611, with 72 rated critical and 141 rated high severity. The average CVSS score for CWE-611 vulnerabilities is 7.9.

External reference: CWE-611 on MITRE CWE
