Total: 1235 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45397 | 1 Jenkins | 1 Osf Builder Suite | 2025-04-30 | 9.8 Critical |
| Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45396 | 1 Jenkins | 1 Sourcemonitor | 2025-04-30 | 9.8 Critical |
| Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-43689 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | 5.3 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE-based DNS requests leading to IP disclosure. | ||||
| CVE-2022-3340 | 1 Trellix | 1 Intrusion Prevention System Manager | 2025-04-30 | 5.9 Medium |
| XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform an XXE attack in the administrator part of the interface, which allows a saved XML configuration file to be imported. | ||||
| CVE-2022-3980 | 1 Sophos | 1 Mobile | 2025-04-29 | 9.8 Critical |
| An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | ||||
| CVE-2025-2070 | | | 2025-04-29 | 5 Medium |
| An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted URL is visited by a local user. | ||||
| CVE-2022-40771 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-04-28 | 4.9 Medium |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | ||||
| CVE-2022-23640 | 1 Excel Streaming Reader Project | 1 Excel Streaming Reader | 2025-04-23 | 9.8 Critical |
| Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround. | ||||
| CVE-2022-38419 | 1 Adobe | 1 Coldfusion | 2025-04-23 | 7.5 High |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-42341 | 1 Adobe | 1 Coldfusion | 2025-04-23 | 7.5 High |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-46682 | 1 Jenkins | 1 Plot | 2025-04-23 | 9.8 Critical |
| Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45326 | 1 Kwoksys | 1 Information Server | 2025-04-23 | 4.9 Medium |
| An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. | ||||
| CVE-2022-46827 | 1 Jetbrains | 1 Intellij Idea | 2025-04-22 | 3.9 Low |
| In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | ||||
| CVE-2022-24898 | 1 Xwiki | 1 Commons | 2025-04-22 | 4.9 Medium |
| org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. | ||||
| CVE-2017-7664 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | ||||
| CVE-2017-8040 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 6.5 Medium |
| In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system. | ||||
| CVE-2017-9231 | 1 Citrix | 1 Xenmobile Server | 2025-04-20 | N/A |
| XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2017-9295 | 1 Hitachi | 1 Device Manager | 2025-04-20 | N/A |
| XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | ||||
| CVE-2015-7743 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
| XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file. | ||||
| CVE-2015-7326 | 1 Milton | 1 Webdav | 2025-04-20 | N/A |
| XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | ||||