Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2018-17152
Intersystems Cache 2017.2.2.865.0 allows XXE.
Intersystems Cache 2017.2.2.865.0
Intersystems Cache 2018.1.2
NA
CVE-2022-48565
An XML External Entity (XXE) issue exists in Python up to and including 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Python Python
Debian Debian Linux 10.0
5.5
CVSSv2
CVE-2022-28154
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Coverage\\/complexity Scatter Plot
4.3
CVSSv2
CVE-2020-24656
Maltego prior to 4.2.12 allows XXE attacks.
Maltego Maltego
1 Github repository
5
CVSSv2
CVE-2021-29421
models/metadata.py in the pikepdf package 1.3.0 up to and including 2.9.2 for Python allows XXE when parsing XMP metadata entries.
Pikepdf Project Pikepdf
Fedoraproject Fedora 32
Fedoraproject Fedora 33
4
CVSSv2
CVE-2020-35123
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
7.5
CVSSv2
CVE-2019-20627
AutoUpdater.cs in AutoUpdater.NET prior to 1.5.8 allows XXE.
Rbsoft Autoupdater.net
7.5
CVSSv2
CVE-2013-4334
opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities
Tejimaya Opwebapiplugin 0.1.0
Tejimaya Opwebapiplugin 0.4.0
Tejimaya Opwebapiplugin 0.5.1
7.5
CVSSv2
CVE-2018-20059
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
Pippo Pippo 1.11.0
NA
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an malicious user to access certain restricted resources without authentication.
Ivanti Connect Secure 22.5
Ivanti Connect Secure 9.1
Ivanti Connect Secure 22.4
Ivanti Policy Secure 22.5
Ivanti Zero Trust Access 22.6
1 Github repository
6 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »