
346 matches found

Positive Technologies
added 2025/07/19 12:00 a.m. · 3 views

PT-2025-30137 · Jinher Oa · Jinher Oa

Name of the Vulnerable Software and Affected Versions: Jinher OA version 1.2. Description: A vulnerability exists in Jinher OA 1.2 related to an XML external entity reference within the ProjectScheduleDelete.aspx file. This issue can be exploited remotely. The exploit has been publicly disclosed...

CVSS 9.8 · AI score 7 · EPSS 0.00205
Exploits: 1 · References: 8
CNNVD
added 2025/07/19 12:00 a.m. · 2 views

Jinher OA Code Issue Vulnerability

Jinher OA is collaborative management software from the Chinese company Jinher. A code issue vulnerability exists in Jinher OA version 1.2, which stems from an incorrect operation in the file ProjectScheduleDelete.aspx, resulting in an XML external entity reference...

CVSS 9.8 · AI score 7.6 · EPSS 0.00205
Exploits: 1 · References: 5
Positive Technologies
added 2025/07/19 12:00 a.m. · 3 views

PT-2025-30138 · Jinher Oa · Jinher Oa

Name of the Vulnerable Software and Affected Versions: Jinher OA version 1.1. Description: A vulnerability exists in the processing of the XmlHttp.aspx file, leading to an XML external entity reference (XXE). This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations...

CVSS 9.8 · AI score 7 · EPSS 0.00205
Exploits: 1 · References: 8
Tenable Nessus
added 2025/07/10 12:00 a.m. · 6 views

Adobe ColdFusion < 2021.x < 2021u21 / 2023.x < 2023u15 / 2025.x < 2025u3 Multiple Vulnerabilities (APSB25-69)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 21, 2023.x update 15, or 2025.x update 3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB25-69 advisory. - ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are...

CVSS 9.3 · AI score 5.8 · EPSS 0.00635
Exploits: 0 · References: 14
NCSC
added 2025/07/09 8:41 a.m. · 6 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion, specifically for versions 25.2, 23.14, 21.20 and earlier. The vulnerabilities in ColdFusion include a significant vulnerability related to improper restriction of XML External Entity Reference (XXE), hard-coded credentials, improper authorization, XML...

CVSS 9.3 · AI score 7 · EPSS 0.00635
Exploits: 0 · References: 1
OSV
added 2025/07/08 9:15 p.m. · 1 view

CVE-2025-49535

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service b...

CVSS 9.3 · AI score 5.8
Exploits: 0 · References: 1
CVE
added 2025/07/08 8:49 p.m. · 19 views

CVE-2025-49544

The CVE-2025-49544 entry concerns Adobe ColdFusion. Affected versions include 2025.2, 2023.14, 2021.20 and earlier. The root cause is an Improper Restriction of XML External Entity Reference (XXE), potentially leading to a security feature bypass. Impact described: a high-privileged attacker coul...

CVSS 6.8 · AI score 6.1 · EPSS 0.00573
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2025/06/09 1:15 p.m. · 9 views

CVE-2025-5877

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml...

CVSS 8.1 · EPSS 0.00136
Exploits: 1 · References: 5
CNNVD
added 2025/06/09 12:00 a.m. · 2 views

WordPress plugin Category Icon Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 9.1 · AI score 8.6 · EPSS 0.00228
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 10:46 a.m. · 6 views

CVE-2024-4184

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVSS 8 · AI score 7 · EPSS 0.00135
Exploits: 0
RedhatCVE
added 2025/05/23 7:02 a.m. · 4 views

CVE-2024-12298

We found a vulnerability Improper Restriction of XML External Entity Reference CWE-611 in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer...

CVSS 5.5 · AI score 6.7 · EPSS 0.00051
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 3:34 a.m. · 9 views

CVE-2023-2806

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...

CVSS 8.8 · AI score 6.8 · EPSS 0.00059
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 1:07 a.m. · 5 views

CVE-2022-2330

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent...

CVSS 6.5 · AI score 6.8 · EPSS 0.00343
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 11:26 p.m. · 1 view

CVE-2022-0198

corenlp is vulnerable to Improper Restriction of XML External Entity Reference...

CVSS 7.1 · AI score 7 · EPSS 0.00186
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 10:16 p.m. · 4 views

CVE-2022-0221

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system...

CVSS 5.5 · AI score 6.3 · EPSS 0.0023
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 6:40 p.m. · 3 views

CVE-2021-3878

corenlp is vulnerable to Improper Restriction of XML External Entity Reference...

CVSS 9.8 · AI score 6.8 · EPSS 0.00313
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 3:35 a.m. · 8 views

CVE-2018-25082

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...

CVSS 9.8 · AI score 6.8 · EPSS 0.00376
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 1:56 a.m. · 6 views

CVE-2017-20151

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

CVSS 9.8 · AI score 7 · EPSS 0.00307
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 12:53 a.m. · 5 views

CVE-2016-15011

A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/econtract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference...

CVSS 9.8 · AI score 6.9 · EPSS 0.00375
Exploits: 0 · References: 1
CNNVD
added 2025/05/15 12:00 a.m. · 2 views

Hitachi JP1/IT Desktop Management 2 Security Vulnerability

Hitachi JP1/IT Desktop Management 2 is a product from Hitachi, Ltd. of Japan that automatically collects various types of information, allowing you to manage it in one place. A security vulnerability exists in Hitachi JP1/IT Desktop Management 2 versions prior to 12-00 to 12-00-08, 11-10 to 11-10-08...

CVSS 8.7 · AI score 6.5 · EPSS 0.00276
Exploits: 0 · References: 1