16 matches found
CVE-2025-14543 Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional Core Libraries allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3....
CVE-2026-1227
CVE-2026-1227 describes an XML External Entity (XXE) vulnerability (CWE-611) in which a local user uploading a specially crafted TGML graphics file to the EBO server from Workstation could trigger unauthorized disclosure of local files, unintended interaction within the EBO system, or denial of s...
PT-2025-39813
Name of the Vulnerable Software and Affected Versions: DataSpider Servista versions 4.4 and earlier Description: An improper restriction of XML external entity reference issue exists. Processing a specially crafted request may allow an attacker to read arbitrary files on the system where the server...
CVE-2025-26484
Dell CloudLink (versions 8.0–8.1.1) has an improper restriction of XML External Entity Reference vulnerability. A high-privilege attacker with remote access could cause a Denial of Service. PT-2025-33286 recommends upgrading to a version later than 8.1.1 as the remediation. No exploitation detail...
CVE-2025-26484
Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
PT-2024-36773 · Unknown · Apinizer Management Console
Name of the Vulnerable Software and Affected Versions: Apinizer Management Console versions prior to 2024.05.1 Description: The issue is related to an Improper Restriction of XML External Entity Reference, which allows Data Serialization External Entities Blowup. Recommendations: For versions pri...
CVE-2024-21796
Electronic Deliverables Creation Support Tool Construction Edition prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool Design & Survey Edition prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on t...
CVE-2023-42132
FD Application Apr. 2022 Edition Version 9.01 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
CVE-2023-42132
FD Application Apr. 2022 Edition Version 9.01 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
CVE-2022-0265
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1...
XXE
Improper restriction of XML external entity for Intel® Quartus® Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-0239 Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2022-0198
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Severity: The Nokogiri maintainers have evaluated this as High Severity 7.5 (CVSS3.0) for JRuby users. This security advisory does not apply to CRuby users. Impact: In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who par...
CVE-2020-24454
Improper Restriction of XML External Entity Reference in subsystem for Intel® Quartus® Prime Pro Edition before version 20.3 and Intel® Quartus® Prime Standard Edition before version 20.2 may allow an unauthenticated user to potentially enable information disclosure via network access...
Sun Java JRE External XML Entities Restriction Bypass (231246)
According to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly allows processing of external entity references even when the 'external general entities' property is set to 'FALSE'. This could allow an application to access certain URL resources, such...