Vulmon
xml external entity vulnerabilities and exploits
NA
CVE-2023-20030
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact ...
Cisco Identity Services Engine 3.2
Cisco Identity Services Engine
3.6
CVSSv2
CVE-2018-0100
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local malicious user to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External ...
Cisco Anyconnect Secure Mobility Client
NA
CVE-2020-26066
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when ...
7.5
CVSSv2
CVE-2015-0581
The XML parser in Cisco Prime Service Catalog prior to 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading p...
Cisco Prime Service Catalog
NA
CVE-2022-45876
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase
2.1
CVSSv2
CVE-2019-2861
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion P...
Oracle Hyperion Planning 11.1.2.4
1 EDB exploit
4.3
CVSSv2
CVE-2018-0218
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8(0.8)
4.3
CVSSv2
CVE-2018-0207
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8(0.8)
NA
CVE-2023-46265
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
Ivanti Avalanche
5
CVSSv2
CVE-2012-4399
The Xml class in CakePHP 2.1.x prior to 2.1.5 and 2.2.x prior to 2.2.1 allows remote malicious users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Cakefoundation Cakephp
1 EDB exploit