Skip to main content

XXE

1233 CVEs technique

Monthly

CVE-2018-1905 HIGH This Week

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 3.0
7.1
EPSS
2.5%
CVE-2018-19277 PHP HIGH POC PATCH This Week

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Phpspreadsheet
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.8%
CVE-2018-19244 HIGH POC This Week

An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Charles
NVD
CVSS 3.0
8.6
EPSS
2.0%
CVE-2018-15444 HIGH POC This Week

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cisco Energy Management Suite Software
NVD
CVSS 3.0
7.3
EPSS
2.0%
CVE-2018-17186 Maven HIGH PATCH This Week

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Syncope
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2018-18980 HIGH POC THREAT This Week

An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XXE Manageengine Network Configuration Manager Manageengine Opmanager
NVD GitHub
CVSS 3.0
7.5
EPSS
25.0%
CVE-2018-1846 HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1835 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Daeja Viewone
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-17912 HIGH This Week

An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Case Suite
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-18737 HIGH POC This Week

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP Douchat
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-18659 HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Udp
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-1747 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Key Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1844 HIGH PATCH This Week

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Filenet Content Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-12544 Maven CRITICAL PATCH Act Now

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Vert X
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-8533 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
CVE-2018-8532 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
CVE-2018-8527 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
CVE-2018-8494 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE Windows 10 Windows 7 +6
NVD
CVSS 3.0
8.8
EPSS
22.2%
CVE-2018-11796 Maven HIGH PATCH This Week

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Apache Tika
NVD
CVSS 3.0
7.5
EPSS
6.9%
CVE-2018-10614 HIGH This Week

An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Levistudiou
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-17889 MEDIUM This Month

In WECON Technology Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Information Disclosure Pi Studio Pi Studio Hmi
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-0414 MEDIUM This Month

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cisco Secure Access Control Server Solution Engine
NVD
CVSS 3.0
5.7
EPSS
1.8%
CVE-2018-12471 HIGH This Week

A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Subscription Management Tool
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-1702 HIGH This Week

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-17411 CRITICAL POC Act Now

An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Data Quality Suite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-15531 Maven CRITICAL PATCH Act Now

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Javamelody
NVD GitHub
CVSS 3.0
9.8
EPSS
27.9%
CVE-2018-1669 HIGH PATCH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1607 HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1588 HIGH This Week

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-12243 HIGH This Week

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Messaging Gateway
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-11761 Maven HIGH PATCH This Week

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Apache Tika Business Process Management Suite
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2018-12585 HIGH This Week

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service XXE Ua Net Legacy Ua Java
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2018-8420 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE Windows 10 Windows 7 +2
NVD
CVSS 3.0
8.8
EPSS
48.9%
CVE-2018-16252 LOW POC Monitor

FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Event Log Explorer
NVD Exploit-DB
CVSS 3.0
3.3
EPSS
2.5%
CVE-2018-16521 CRITICAL PATCH Act Now

An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Html Form Entry Reference Application
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-16303 HIGH POC This Week

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Pdf Xchange Editor
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-11719 MEDIUM This Month

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Pc2R Firmware Pc3 Firmware Pc2 Firmware
NVD
CVSS 3.0
4.9
EPSS
0.8%
CVE-2018-13826 CRITICAL PATCH Act Now

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Project Portfolio Management
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2018-13823 HIGH PATCH This Week

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Project Portfolio Management
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-11758 Maven HIGH PATCH This Week

This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Cayenne
NVD
CVSS 3.0
8.1
EPSS
3.0%
CVE-2018-1000652 CRITICAL Act Now

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE SSRF Jabref
NVD GitHub
CVSS 3.0
10.0
EPSS
1.9%
CVE-2018-1000651 CRITICAL PATCH Act Now

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE SSRF Stroom
NVD GitHub
CVSS 3.0
10.0
EPSS
1.9%
CVE-2018-1000644 Maven CRITICAL PATCH Act Now

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE SSRF Rdf4J
NVD GitHub
CVSS 3.0
10.0
EPSS
2.0%
CVE-2018-1000639 CRITICAL POC Act Now

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Latexdraw
NVD GitHub
CVSS 3.1
9.6
EPSS
1.6%
CVE-2018-13417 CRITICAL POC THREAT Act Now

In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Bittorrent Client
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.7%
CVE-2018-13415 CRITICAL POC THREAT Act Now

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Media Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.8%
CVE-2018-11048 HIGH This Week

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XXE Denial Of Service Emc Data Protection Advisor Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2018-12408 HIGH This Week

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Activematrix Businessworks Activematrix Businessworks Distribution For Tibco Silver Fabric
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-14473 CRITICAL POC Act Now

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Ocsinventory Ng
NVD
CVSS 3.0
9.1
EPSS
3.1%
CVE-2018-13416 CRITICAL POC THREAT Act Now

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Universal Media Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.2%
CVE-2018-3881 CRITICAL POC Act Now

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Focalscope
NVD
CVSS 3.1
9.4
EPSS
1.2%
CVE-2018-8027 Maven CRITICAL PATCH Act Now

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Camel
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2018-10600 CRITICAL Act Now

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE RCE Acselerator Architect
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-14065 PHP CRITICAL PATCH Act Now

XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE PHP Common
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-12463 CRITICAL POC THREAT Act Now

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Fortify Software Security Center
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.8%
CVE-2018-1000616 CRITICAL POC Act Now

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Onos
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1000614 CRITICAL POC PATCH Act Now

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java XXE Onos
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-13439 Maven HIGH POC This Week

WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Wechat Pay
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-1542 HIGH PATCH This Week

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Filenet Content Manager Content Foundation
NVD
CVSS 3.0
7.1
EPSS
2.4%
CVE-2018-8026 Maven MEDIUM POC PATCH This Month

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Apache Solr Snapcenter Storage Automation Store
NVD
CVSS 3.0
5.5
EPSS
9.0%
CVE-2018-11640 CRITICAL POC Act Now

XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Powermedia Xms
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2018-7783 HIGH This Week

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XXE Somachine Basic
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-1000548 HIGH POC This Week

Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SSRF Umlet
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-1000546 HIGH POC This Week

Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XXE SSRF RCE Triplea
NVD GitHub
CVSS 3.0
7.8
EPSS
2.6%
CVE-2018-1000542 HIGH POC This Week

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XXE SSRF RCE Netbeans Mmd Plugin
NVD GitHub
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-1000540 HIGH POC This Week

LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SSRF Loboevolution
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-1000515 HIGH POC This Week

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE News Articles
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-8819 HIGH POC This Week

An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Automatedlogic Webctrl
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-5434 MEDIUM This Month

The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Runtime Agent
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-5433 MEDIUM This Month

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Administrator
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6670 MEDIUM This Month

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Common Catalog
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1456 HIGH PATCH This Week

IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Rational Rhapsody Design Manager Rational Software Architect Design Manager
NVD
CVSS 3.0
7.1
EPSS
2.0%
CVE-2018-11586 CRITICAL POC THREAT Act Now

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Searchblox
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
15.2%
CVE-2018-1000198 Maven MEDIUM PATCH This Month

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XXE Black Duck Hub
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-10613 HIGH This Week

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XXE Mds Pulsenet
NVD
CVSS 3.0
7.5
EPSS
18.3%
CVE-2018-10653 CRITICAL POC Act Now

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix XXE Xenmobile Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.8%
CVE-2018-1309 Maven CRITICAL PATCH Act Now

Apache NiFi External XML Entity issue in SplitXML processor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

RCE XXE Information Disclosure Apache Nifi
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-8010 Maven MEDIUM PATCH This Month

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Apache Solr
NVD
CVSS 3.0
5.5
EPSS
3.9%
CVE-2018-4942 HIGH This Week

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XXE Information Disclosure Coldfusion
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2018-10832 MEDIUM POC This Month

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Modbuspal
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
6.0%
CVE-2018-1259 Maven HIGH PATCH This Week

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Data Commons Spring Data Rest Xmlbeam
NVD VulDB
CVSS 3.0
7.5
EPSS
5.0%
CVE-2018-0765 NuGet HIGH PATCH This Week

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE Denial Of Service Net Core Net Framework
NVD
CVSS 3.0
7.5
EPSS
7.7%
CVE-2018-1247 HIGH POC THREAT This Week

RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Authentication Manager
NVD Exploit-DB
CVSS 3.0
7.1
EPSS
16.4%
CVE-2018-1183 CRITICAL Act Now

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft XXE Dell Emc Smis +15
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-10175 MEDIUM This Month

Digital Guardian Management Console 7.1.2.0015 has an XXE issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Management Console
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-10077 MEDIUM POC This Month

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Watchdog Console
NVD Exploit-DB
CVSS 3.1
4.9
EPSS
8.3%
CVE-2018-1308 Maven HIGH PATCH This Week

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Solr Debian Linux
NVD
CVSS 3.0
7.5
EPSS
20.9%
CVE-2018-1421 HIGH PATCH This Week

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
CVSS 3.0
7.1
EPSS
1.4%
CVE-2018-9116 CRITICAL Act Now

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Wiremock
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2018-6225 MEDIUM POC PATCH This Month

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XXE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
4.1%
EPSS 3% CVSS 7.1
HIGH This Week

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
EPSS 8% CVSS 8.8
HIGH POC PATCH This Week

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Phpspreadsheet
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.6
HIGH POC This Week

An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Charles
NVD
EPSS 2% CVSS 7.3
HIGH POC This Week

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cisco Energy Management Suite Software
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Syncope
NVD
EPSS 25% CVSS 7.5
HIGH POC THREAT This Week

An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XXE Manageengine Network Configuration Manager +1
NVD GitHub
EPSS 2% CVSS 7.1
HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Daeja Viewone
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Case Suite
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Udp
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Key Lifecycle Manager
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Filenet Content Manager
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Vert X
NVD GitHub
EPSS 23% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure +1
NVD Exploit-DB
EPSS 23% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure +1
NVD Exploit-DB
EPSS 23% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure +1
NVD Exploit-DB
EPSS 22% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE +8
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Apache +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Levistudiou
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In WECON Technology Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Information Disclosure Pi Studio +1
NVD
EPSS 2% CVSS 5.7
MEDIUM This Month

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cisco Secure Access Control Server Solution Engine
NVD
EPSS 2% CVSS 8.1
HIGH This Week

A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Subscription Management Tool
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Platform Symphony +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Data Quality Suite
NVD GitHub
EPSS 28% CVSS 9.8
CRITICAL PATCH Act Now

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Javamelody
NVD GitHub
EPSS 2% CVSS 7.1
HIGH PATCH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Messaging Gateway
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Apache +2
NVD
EPSS 2% CVSS 8.2
HIGH This Week

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service XXE +2
NVD
EPSS 49% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE +4
NVD
EPSS 3% CVSS 3.3
LOW POC Monitor

FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Event Log Explorer
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Html Form Entry Reference Application
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Pdf Xchange Editor
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Pc2R Firmware Pc3 Firmware +1
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Project Portfolio Management
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Project Portfolio Management
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Cayenne
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE SSRF +1
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE SSRF +1
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE SSRF +1
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL POC Act Now

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Latexdraw
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Bittorrent Client
NVD Exploit-DB
EPSS 32% CVSS 9.8
CRITICAL POC THREAT Act Now

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Media Server
NVD Exploit-DB
EPSS 2% CVSS 8.1
HIGH This Week

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XXE Denial Of Service +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Activematrix Businessworks Activematrix Businessworks Distribution For Tibco Silver Fabric
NVD
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Ocsinventory Ng
NVD
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Universal Media Server
NVD Exploit-DB
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Focalscope
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Camel
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE PHP Common
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL POC THREAT Act Now

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Fortify Software Security Center
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Onos
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java XXE Onos
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Wechat Pay
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Filenet Content Manager +1
NVD
EPSS 9% CVSS 5.5
MEDIUM POC PATCH This Month

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Apache Solr +2
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Powermedia Xms
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XXE Somachine Basic
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SSRF +1
NVD GitHub
EPSS 3% CVSS 7.8
HIGH POC This Week

Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XXE SSRF +2
NVD GitHub
EPSS 3% CVSS 7.8
HIGH POC This Week

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XXE SSRF +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SSRF +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE News Articles
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Automatedlogic Webctrl
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Runtime Agent
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Administrator
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Common Catalog
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Rational Rhapsody Design Manager +1
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Act Now

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Searchblox
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XXE +1
NVD
EPSS 18% CVSS 7.5
HIGH This Week

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XXE Mds Pulsenet
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix XXE Xenmobile Server
NVD Exploit-DB
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Apache NiFi External XML Entity issue in SplitXML processor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

RCE XXE Information Disclosure +2
NVD
EPSS 4% CVSS 5.5
MEDIUM PATCH This Month

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Apache Solr
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XXE Information Disclosure +1
NVD
EPSS 6% CVSS 5.5
MEDIUM POC This Month

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Modbuspal
NVD Exploit-DB
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Data Commons +2
NVD VulDB
EPSS 8% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE Denial Of Service +2
NVD
EPSS 16% CVSS 7.1
HIGH POC THREAT This Week

RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Authentication Manager
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft XXE +17
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Digital Guardian Management Console 7.1.2.0015 has an XXE issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Management Console
NVD
EPSS 8% CVSS 4.9
MEDIUM POC This Month

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Watchdog Console
NVD Exploit-DB
EPSS 21% CVSS 7.5
HIGH PATCH This Week

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Solr +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Wiremock
NVD
EPSS 4% CVSS 4.3
MEDIUM POC PATCH This Month

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XXE Email Encryption Gateway
NVD Exploit-DB
Prev Page 10 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy