CWE-91: CWE-91

This vulnerability allows authenticated attackers to execute arbitrary code on Apache HertzBeat servers by injecting malicious XML into HTTP sitemap r...

CVE-2021-2322 is a critical vulnerability in OpenGrok web application that allows authenticated attackers with low privileges to completely compromise...

This XML injection vulnerability in SAP BEx Web Java Runtime Export Web Service allows attackers to retrieve sensitive information from SAP ADS system...

Apache Ivy versions before 2.5.2 have an XML External Entity (XXE) vulnerability that allows attackers to read arbitrary files, access internal resour...

This CVE describes an XML injection vulnerability in Magento Commerce's 'City' field that allows unauthenticated attackers to execute arbitrary code r...

This XXE injection vulnerability in yimioa's XML parsing component allows attackers to execute arbitrary code by uploading malicious XML files. It aff...

This XML injection vulnerability in IBM ICP - Voice Gateway allows remote attackers to send specially crafted XML statements to view or modify informa...

CVE-2024-28109 is a remote code execution vulnerability in veraPDF-library that allows attackers to execute arbitrary code by exploiting XSL transform...

This vulnerability allows remote code execution on Splunk Enterprise instances by uploading malicious XSLT files. Attackers can execute arbitrary code...

This vulnerability allows local attackers on Parallels Desktop guest systems to escalate privileges by exploiting XML injection in the Toolgate compon...

An XPath injection vulnerability in WatchGuard Fireware OS allows remote unauthenticated attackers to extract sensitive configuration data from Firebo...

CVE-2023-22247 is an XML injection vulnerability in Adobe Commerce that allows unauthenticated attackers to read arbitrary files from the server. This...

CVE-2022-33739 is an XML External Entity (XXE) vulnerability in CA Clarity PPM that allows remote attackers to read arbitrary files on the server. Thi...

CVE-2021-27777 is an XML External Entity (XXE) injection vulnerability in HCL Domino that allows attackers to read arbitrary files from the server fil...

An XML external entity injection vulnerability in HPE Insight Remote Support allows remote attackers to read arbitrary files from the server filesyste...

This vulnerability allows authenticated administrators in Umbraco CMS to execute arbitrary code remotely via XSLT processing. Attackers can inject mal...

This vulnerability allows authenticated admin users in OpenMage Magento LTS to execute arbitrary commands through layout XML manipulation. It affects ...

This XML External Entity (XXE) vulnerability in the uzy-ssm-mall e-commerce platform allows attackers to execute arbitrary code by sending specially c...

This vulnerability in fontTools allows arbitrary file write leading to remote code execution when processing malicious .designspace files. It affects ...

An authenticated attacker can exploit an XML external entities (XXE) injection vulnerability in Exagrid EX10's /init API endpoint to read sensitive fi...

CVE-2025-7473 is an XML injection vulnerability in Zohocorp ManageEngine EndPoint Central that allows attackers to manipulate XML data processing. Thi...

Adobe Experience Manager versions 6.5.23.0 and earlier contain an XML injection vulnerability that allows low-privileged attackers to manipulate XML q...

This XML Injection vulnerability in Drupal CAS Server allows attackers to manipulate XPath queries to escalate privileges. It affects Drupal sites usi...