Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-1626
XML External Entity (XXE) vulnerability in MARC::File::XML module prior to 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent malicious users to read arbitrary files via a crafted XML file.
Galen Charlton Marc-xml
Galen Charlton Marc-xml 1.0
6.5
CVSSv3
CVE-2023-37942
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins External Monitor Job Type
8.2
CVSSv3
CVE-2020-4462
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability t...
Ibm Sterling External Authentication Server 2.4.2.0
Ibm Sterling External Authentication Server 2.4.3.2
Ibm Sterling External Authentication Server 6.0.0.0
Ibm Sterling External Authentication Server 6.0.1.0
Ibm Sterling Secure Proxy 3.4.2.0
Ibm Sterling Secure Proxy 3.4.3.0
Ibm Sterling Secure Proxy 6.0.0.0
Ibm Sterling Secure Proxy 6.0.1.0
8.1
CVSSv3
CVE-2019-19031
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
Edit-xml Easy Xml Editor
8.8
CVSSv3
CVE-2022-47514
An XML external entity (XXE) injection vulnerability in XML-RPC.NET prior to 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.
Xml-rpc.net Project Xml-rpc.net
1 Github repository
7.5
CVSSv3
CVE-2020-26708
requests-xml v0.2.3 exists to contain an XML External Entity Injection (XXE) vulnerability which allows malicious users to execute arbitrary code via a crafted XML file.
Requests-xml Project Requests-xml 0.2.3
7.5
CVSSv3
CVE-2020-26709
py-xml v1.0 exists to contain an XML External Entity Injection (XXE) vulnerability which allows malicious users to execute arbitrary code via a crafted XML file.
Py-xml Project Py-xml 1.0
9.3
CVSSv2
CVE-2012-4710
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity referenc...
Invensys Wonderware Win-xml Exporter 1522.148.0.0
9.8
CVSSv3
CVE-2016-3720
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows malicious users to have unspecified impact via unknown vectors.
Fedoraproject Fedora 24
Fasterxml Jackson-dataformat-xml
4 Github repositories
10
CVSSv3
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerab...
Sas Xml Mapper 9.45
Sas Base Sas 9.4
1 Github repository
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
type confusion
unspecified
CVE-2025-24200
reflected XSS
panel
CVE-2024-12549
temporal technologies, inc.
CVE-2024-21971
CVE-2024-57777
CVE-2023-31122
CVE-2025-0909
winzip computing
unified secops platform
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »