Skip to main content

XXE

1233 CVEs technique

Monthly

CVE-2018-2401 HIGH This Week

SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Sap Business Process Automation
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1077 HIGH This Week

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Spacewalk Satellite
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-0878 LOW POC PATCH THREAT Monitor

Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft XXE Information Disclosure Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.1
3.1
EPSS
21.9%
CVE-2018-1000124 CRITICAL POC Act Now

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP I Librarian
NVD GitHub
CVSS 3.1
10.0
EPSS
1.8%
CVE-2018-1000090 HIGH POC This Week

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Textpattern
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1000069 MEDIUM POC This Month

FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Freeplane Debian Linux
NVD
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-5758 MEDIUM POC This Month

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Jive N
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-7230 HIGH PATCH This Week

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric XXE Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-6489 CRITICAL Act Now

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Project And Portfolio Management Center
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-2393 HIGH POC THREAT This Week

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SAP Internet Graphics Server
NVD GitHub
CVSS 3.0
7.5
EPSS
18.2%
CVE-2018-2392 HIGH POC THREAT This Week

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SAP Internet Graphics Server
NVD GitHub
CVSS 3.0
7.5
EPSS
40.6%
CVE-2018-1000056 Maven HIGH PATCH This Week

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Junit
NVD
CVSS 3.0
8.3
EPSS
1.1%
CVE-2018-1000055 Maven HIGH PATCH This Week

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins XXE SSRF Android Lint
NVD
CVSS 3.0
8.3
EPSS
0.9%
CVE-2018-1000054 Maven HIGH PATCH This Week

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Ccm
NVD
CVSS 3.0
8.3
EPSS
0.9%
CVE-2018-3600 MEDIUM PATCH This Month

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Trend Micro XXE Information Disclosure Control Manager
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-1307 Maven HIGH PATCH This Week

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Juddi
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-5789 HIGH This Week

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Wing
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6486 CRITICAL Act Now

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Fortify Audit Workbench Fortify Software Security Center
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1364 HIGH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Content Navigator
NVD
CVSS 3.0
8.2
EPSS
2.4%
CVE-2018-1000012 Maven HIGH PATCH This Week

Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Warnings
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000011 Maven HIGH This Week

Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Findbugs
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000010 Maven HIGH PATCH This Week

Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Dry
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000009 Maven HIGH PATCH This Week

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Checkstyle
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000008 Maven HIGH PATCH This Week

Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Pmd
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-0108 MEDIUM This Month

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cisco Webex Meetings Server
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-0100 MEDIUM This Month

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

XXE Cisco Anyconnect Secure Mobility Client
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2014-3630 CRITICAL Act Now

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Java Play Framework
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-14101 CRITICAL Act Now

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Conserus Image Repository
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-11286 HIGH PATCH This Week

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Adobe Coldfusion
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2017-14949 Maven HIGH POC PATCH This Week

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Restlet
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14868 Maven HIGH PATCH This Week

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Restlet
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-1000190 Maven CRITICAL POC PATCH Act Now

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure SSRF Solr Simplexml
NVD GitHub
CVSS 3.1
9.1
EPSS
4.7%
CVE-2017-10889 MEDIUM This Month

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Tablepress
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-1477 HIGH This Week

IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Security Access Manager 9 0 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-9096 Maven HIGH PATCH This Week

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Itext
NVD
CVSS 3.0
8.8
EPSS
7.6%
CVE-2014-3600 Maven CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Apache Activemq
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2014-3579 Maven CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Apache Activemq Apollo
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2016-5002 Maven HIGH This Week

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Apache Xml Rpc
NVD
CVSS 3.0
7.8
EPSS
3.5%
CVE-2017-15639 MEDIUM POC This Month

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Mura Cms
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.2%
CVE-2014-9487 CRITICAL Act Now

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Mediawiki
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-12629 Maven CRITICAL POC PATCH THREAT Act Now

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.

Apache XXE Elastic RCE Solr +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.9%
Threat
6.3
CVE-2017-10617 MEDIUM This Month

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Juniper Contrail
NVD GitHub
CVSS 3.1
5.0
EPSS
2.3%
CVE-2017-15280 NuGet MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

SSRF XXE Umbraco Cms
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12623 Maven MEDIUM PATCH This Month

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

XXE Apache Nifi
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-13706 CRITICAL Act Now

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SSRF XXE Lansweeper
NVD
CVSS 3.0
9.9
EPSS
1.4%
CVE-2014-0030 CRITICAL POC THREAT Emergency

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

XXE Apache Roller
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
29.1%
Threat
4.3
CVE-2017-14759 CRITICAL Act Now

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF XXE Document Sciences Xpression
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12620 Maven CRITICAL POC PATCH Act Now

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Apache Opennlp
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-4434 Maven HIGH PATCH This Week

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

XXE Apache Tika
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-14527 HIGH POC This Week

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft XXE Documentum Administrator Documentum Webtop
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-14526 HIGH This Week

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft XXE Documentum Administrator Documentum Webtop
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-12621 Maven CRITICAL PATCH Act Now

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Commons Jelly
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2017-1527 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Business Process Manager
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-8710 MEDIUM POC PATCH THREAT This Month

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.1%.

Microsoft XXE Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.0
5.5
EPSS
33.1%
CVE-2017-8918 MEDIUM POC This Month

XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Dive Assistant
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.7%
CVE-2017-8040 MEDIUM PATCH This Month

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Single Sign On For Pivotal Cloud Foundry
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-9095 MEDIUM POC This Month

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Diving Log
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.8%
CVE-2017-12216 HIGH This Week

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cisco Information Disclosure Socialminer
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-9458 CRITICAL Act Now

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF Paloalto XXE Pan Os
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2015-7241 CRITICAL POC THREAT Emergency

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.4%.

XXE SAP Netweaver
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
27.4%
Threat
4.3
CVE-2015-3160 MEDIUM This Month

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Beaker
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-1458 HIGH This Week

IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Qradar Network Security
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-5795 HIGH This Week

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XXE I Vu Sitescan Web Automatedlogic Webctrl
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2017-12069 HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 Wincc Local Discovery Server +1
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2016-8739 Maven HIGH PATCH This Week

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Cxf
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2017-1192 HIGH This Week

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Sterling B2b Integrator
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2017-11390 HIGH PATCH This Week

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Trend Micro Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2015-0194 MEDIUM PATCH This Month

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

XXE IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1383 CRITICAL Act Now

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
CVSS 3.0
9.1
EPSS
0.6%
CVE-2017-9233 HIGH POC This Week

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat Python Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-11457 MEDIUM This Month

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-1219 MEDIUM This Month

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Bigfix Platform
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-6798 Maven CRITICAL PATCH Act Now

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XSS Apache SSRF XXE Information Disclosure +1
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-7664 Maven CRITICAL PATCH Act Now

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Openmeetings
NVD
CVSS 3.0
10.0
EPSS
0.6%
CVE-2017-1000061 HIGH PATCH This Week

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Information Disclosure Xmlsec
NVD GitHub
CVSS 3.0
7.1
EPSS
0.6%
CVE-2017-1000021 HIGH POC This Week

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Logicaldoc
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-8557 MEDIUM PATCH This Month

Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE Information Disclosure Windows 10 Windows 7 +5
NVD
CVSS 3.0
5.5
EPSS
1.5%
CVE-2017-0170 MEDIUM PATCH This Month

Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.0%.

Microsoft XXE Information Disclosure Windows 10 Windows 7 +4
NVD
CVSS 3.0
6.5
EPSS
18.0%
CVE-2017-1254 HIGH This Week

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Security Guardium
NVD
CVSS 3.0
7.1
EPSS
0.5%
CVE-2017-10670 CRITICAL Act Now

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Osci Transport Library
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-1322 HIGH PATCH This Week

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Api Connect
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2017-6662 HIGH This Week

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Cisco Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.0
8.0
EPSS
0.9%
CVE-2017-9231 HIGH This Week

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XXE Xenmobile Server
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-9698 HIGH PATCH This Week

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Rational Rhapsody Design Manager
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-9355 HIGH POC This Week

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Subsonic
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
4.2%
CVE-2016-0254 MEDIUM PATCH This Month

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Cognos Business Intelligence
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2015-7326 CRITICAL POC PATCH Act Now

XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Webdav
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-2308 MEDIUM This Month

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Juniper Junos Space
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-9295 MEDIUM This Month

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Device Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6256 CRITICAL POC THREAT Emergency

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Google XXE SAP Business One
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
10.1%
EPSS 2% CVSS 8.8
HIGH This Week

SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Sap Business Process Automation
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Spacewalk Satellite
NVD
EPSS 22% CVSS 3.1
LOW POC PATCH THREAT Monitor

Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft XXE Information Disclosure +7
NVD Exploit-DB
EPSS 2% CVSS 10.0
CRITICAL POC Act Now

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Textpattern
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC This Month

FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Freeplane Debian Linux
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Jive N
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric XXE Mps110 1 Firmware +19
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Project And Portfolio Management Center
NVD
EPSS 18% CVSS 7.5
HIGH POC THREAT This Week

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SAP Internet Graphics Server
NVD GitHub
EPSS 41% CVSS 7.5
HIGH POC THREAT This Week

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SAP Internet Graphics Server
NVD GitHub
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins XXE +2
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Trend Micro XXE Information Disclosure +1
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Juddi
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Wing
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Fortify Audit Workbench Fortify Software Security Center
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Content Navigator
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

XXE Cisco Anyconnect Secure Mobility Client
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Java +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Conserus Image Repository
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Adobe Coldfusion
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Restlet
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Restlet
NVD GitHub
EPSS 5% CVSS 9.1
CRITICAL POC PATCH Act Now

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure SSRF +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Tablepress
NVD
EPSS 1% CVSS 8.1
HIGH This Week

IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Security Access Manager 9 0 Firmware
NVD
EPSS 8% CVSS 8.8
HIGH PATCH This Week

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Itext
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Apache Activemq
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Apache Activemq Apollo
NVD
EPSS 4% CVSS 7.8
HIGH This Week

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Apache +1
NVD
EPSS 4% CVSS 6.5
MEDIUM POC This Month

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Mura Cms
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Mediawiki
NVD
EPSS 94% 6.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.

Apache XXE Elastic +5
NVD Exploit-DB
EPSS 2% CVSS 5.0
MEDIUM This Month

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Juniper Contrail
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

SSRF XXE Umbraco Cms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

XXE Apache Nifi
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SSRF XXE +1
NVD
EPSS 29% 4.3 CVSS 9.8
CRITICAL POC THREAT Emergency

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

XXE Apache Roller
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL Act Now

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF XXE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Apache Opennlp
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

XXE Apache Tika
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft XXE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft XXE +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Commons Jelly
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Business Process Manager
NVD
EPSS 33% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.1%.

Microsoft XXE Information Disclosure +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Dive Assistant
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Single Sign On For Pivotal Cloud Foundry
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Diving Log
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cisco Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF Paloalto +2
NVD
EPSS 27% 4.3 CVSS 9.8
CRITICAL POC THREAT Emergency

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.4%.

XXE SAP Netweaver
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Beaker
NVD
EPSS 1% CVSS 8.1
HIGH This Week

IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Qradar Network Security
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XXE I Vu +2
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Cxf
NVD
EPSS 1% CVSS 8.2
HIGH This Week

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Sterling B2b Integrator
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Trend Micro Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

XXE IBM Sterling B2b Integrator +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE SAP +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Bigfix Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XSS Apache SSRF +3
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Openmeetings
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Logicaldoc
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE Information Disclosure +7
NVD
EPSS 18% CVSS 6.5
MEDIUM PATCH This Month

Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.0%.

Microsoft XXE Information Disclosure +6
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Security Guardium
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Osci Transport Library
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Api Connect
NVD
EPSS 1% CVSS 8.0
HIGH This Week

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Cisco +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XXE Xenmobile Server
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +1
NVD
EPSS 4% CVSS 7.4
HIGH POC This Week

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Subsonic
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Webdav
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Juniper Junos Space
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Device Manager
NVD
EPSS 10% CVSS 9.6
CRITICAL POC THREAT Emergency

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Google XXE SAP +1
NVD Exploit-DB
Prev Page 11 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy