Skip to main content

CWE-112

Missing XML Validation

5 CVEs Avg CVSS 7.3 MITRE
0
CRITICAL
4
HIGH
0
MEDIUM
1
LOW
1
POC
0
KEV

Monthly

CVE-2026-1190 Maven LOW Monitor

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. [CVSS 3.1 LOW]

Denial Of Service
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2023-40310 HIGH This Week

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-28213 HIGH POC THREAT This Week

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
12.5%
CVE-2021-1359 HIGH This Week

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance Asyncos
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-1975 HIGH This Week

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.0%
EPSS 0% CVSS 3.1
LOW Monitor

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. [CVSS 3.1 LOW]

Denial Of Service
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
EPSS 12% CVSS 8.1
HIGH POC THREAT This Week

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy