Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25129
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process eith...
NA
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an malicious user to access certain restricted resources without authentication.
Ivanti Connect Secure 22.5
Ivanti Connect Secure 9.1
Ivanti Connect Secure 22.4
Ivanti Policy Secure 22.5
Ivanti Zero Trust Access 22.6
1 Github repository
6 Articles
NA
CVE-2023-32327
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 up to and including 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 up to and including 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. ...
Ibm Security Verify Access
Ibm Security Verify Access Docker
NA
CVE-2024-1167
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.
Seweurodrive Movitools Motionstudio 6.5.0.2
NA
CVE-2023-4554
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated us...
Opentext Appbuilder
NA
CVE-2024-21765
Electronic Delivery Check System (Doboku) Ver.18.1.0 and previous versions, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and previous versions, Electronic Delivery Check System (Kikai) Ver.10.1.0 and previous versions, and Electronic delivery item Inspection Support Syste...
Cals-ed Electronic Delivery Item Inspection Support System
Cals-ed Electronic Delivery Check System
NA
CVE-2024-21796
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML...
Dfeg Electronic Deliverables Creation Support Tool
NA
CVE-2024-22380
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and previous versions improperly restricts XML external entity references (XXE). By processing a ...
Maff Electronic Delivery Check System
NA
CVE-2023-45139
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an malicious user to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed...
Fonttools Fonttools
1 Article
NA
CVE-2023-46265
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
Ivanti Avalanche
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »