99 matches found

Nuclei
added yesterday | 39 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

CVSS 7.5 | AI score 7.4 | EPSS 0.54798
Exploits: 0 | References: 5

Nuclei
added 2 days ago | 55 views

IBM Maximo Asset Management Information Disclosure - XML External Entity Injection

IBM Maximo Asset Management is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...

CVSS 8.2 | AI score 7.5 | EPSS 0.8575
Exploits: 1 | References: 5

GithubExploit
added 2026/05/15 2:54 p.m. | 47 views

Zor-Seviye-xxe-Lab

AltaySec SOC Policy Manager — Hard Level Blind OOB XXE Lab...

AI score 5.8
Exploits: 0

RedhatCVE
added 2026/01/09 9:59 a.m. | 5 views

CVE-2020-7572

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...

CVSS 8.8 | AI score 7.3 | EPSS 0.00466
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-41120

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/13 9:22 a.m. | 10 views

CVE-2025-6438

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...

CVSS 5.9 | AI score 6.6 | EPSS 0.00257
Exploits: 1 | References: 1

CVE
added 2025/07/11 9:06 a.m. | 31 views

CVE-2025-6438

Schneider Electric EcoStruxure IT Data Center Expert (prior to 9.0; affected versions 8.3 and earlier) is affected by CVE-2025-6438: XML External Entity (XXE) injection via the DataExchange SOAP route, enabling unauthenticated or low-privilege exploitation to read local files and potentially caus...

CVSS 5.9 | AI score 6.6 | EPSS 0.00257
Exploits: 1 | References: 2

Vulnrichment
added 2025/07/11 9:06 a.m. | 4 views

CVE-2025-6438

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...

CVSS 5.9 | AI score 6.6 | EPSS 0.00257
Exploits: 1 | References: 1

OSV
added 2025/05/29 5:27 p.m. | 3 views

GHSA-42HM-PQ2F-3R7M PHPOffice Math allows XXE when processing an XML file in the MathML format

Product: Math Version: 0.2.0 CWE-ID: CWE-611: Improper Restriction of XML External Entity Reference CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Description: An attacker can create a special XML file, duri...

CVSS 8.7 | AI score 7 | EPSS 0.00369
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 7:02 a.m. | 4 views

CVE-2024-12298

We found a vulnerability Improper Restriction of XML External Entity Reference CWE-611 in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer...

CVSS 5.5 | AI score 6.7 | EPSS 0.00051
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/16 6:04 p.m. | 5 views

CVE-2025-4639

CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0...

CVSS 8.8 | AI score 7 | EPSS 0.00224
Exploits: 0 | References: 1

NVD
added 2025/05/14 6:15 p.m. | 8 views

CVE-2025-4639

CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0...

CVSS 8.8 | EPSS 0.00224
Exploits: 0 | References: 1

CVE
added 2025/05/14 6:04 p.m. | 34 views

CVE-2025-4639

CVE-2025-4639 affects Peergos up to version 1.1.0, due to CWE-611 (Improper Restriction of XML External Entity Reference) in the WebDav servlet’s getDocumentBuilder() method. Multiple sources corroborate the issue in Peergos 1.1.0 and earlier, describing a vulnerability that can impact confident...

CVSS 8.8 | AI score 7.2 | EPSS 0.00224
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/14 6:04 p.m. | 7 views

CVE-2025-4639 Improper Restriction of XML External Entity Reference in Peergos

CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0...

CVSS 8.8 | AI score 7 | EPSS 0.00224
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 10:23 a.m. | 3 views

CVE-2024-12476

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration...

CVSS 8.4 | AI score 7.5 | EPSS 0.00311
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/01/28 10:08 p.m. | 15 views

Security Bulletin: IBM Master Data Management is vulnerable to an XML injection for an XXE attack due to vulnerability found in IBM Websphere Application Server (CVE-2024-45086)

Summary: IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to an XML injection attack due to vulnerability found in IBM Websphere Application Server. IBM Master Data Management is vulnerable to an XML injection attack due to vulnerability found in IBM Websphere Application Serve...

CVSS 5.5 | AI score 6.6 | EPSS 0.00038
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:08 p.m. | 22 views

Security Bulletin: XML External Entity Injection attack in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-22354).

Summary IBM Storage Protect Operations Center may be affected by loss of confidentiality, availability and integrity of host system caused by XML External Entity Injection XXE attack in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere...

CVSS 7 | AI score 6.5 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

NVD
added 2025/01/17 10:15 a.m. | 8 views

CVE-2024-12476

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration...

CVSS 8.4 | EPSS 0.00311
Exploits: 0 | References: 1

CVE
added 2025/01/17 9:42 a.m. | 39 views

CVE-2024-12476

CVE-2024-12476 affects Schneider Electric Web Designer configuration tool. The defect is an XML External Entity (XXE) reference vulnerability (CWE-611) in the XML import path, leading to information disclosure, potential workstation integrity impact, and possible remote code execution on the comp...

CVSS 8.4 | AI score 8 | EPSS 0.00311
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/14 12:45 a.m. | 4 views

CVE-2024-12298 Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer

We found a vulnerability Improper Restriction of XML External Entity Reference CWE-611 in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer...

CVSS 5.5 | AI score 6.7 | EPSS 0.00051
Exploits: 0 | References: 2