Math code issue vulnerability
Math is an open source math plugin for PHPOffice. A code issue vulnerability exists in versions of Math prior to 0.3.0 that stems from unfiltered XML data being loaded, which could lead to an XXE attack...
CVE-2023-28685
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2023-30951
The Foundry Magritte plugin rest-source was found to be vulnerable to an XML external entity (XXE) attack...
CVE-2023-24443
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2023-23595
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...
CVE-2022-43430
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure...
CVE-2025-4338 Lantronix Device Installer Improper Restriction of XML External Entity Reference
Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-28154
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-25209
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2021-47621
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks...
CVE-2021-35201
NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks...
CVE-2020-14029
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files...
CVE-2019-9488
Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM)...
CVE-2013-2796
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an...
PT-2025-22568 · Lantronix · Lantronix Device Installer
Name of the Vulnerable Software and Affected Versions: Lantronix Device installer (affected versions not specified). Description: The issue concerns XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices...
CVE-2025-4949 XXE vulnerability in Eclipse JGit
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...
CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...
The vulnerability of the Proself Enterprise/Standard Edition, Proself Gateway Edition, and Proself Mail Sanitize Edition software lies in the improper limitation of XML references to external objects. This allows attackers to carry out XXE attacks.
The vulnerability of Proself Enterprise/Standard Edition, Proself Gateway Edition, and Proself Mail Sanitize Edition software products is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...