10 matches found
CVE-2025-22478
Dell Storage Center / Dell Storage Manager version 20.1.20 is affected by an XML External Entity (XXE) vulnerability caused by improper restriction of external entity references in XML processing. An unauthenticated attacker with adjacent network access could trigger information disclosure and da...
CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...
Delta Industrial Automation DRAS
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: Delta Robot Automation Studio DRAS Vulnerability: Improper Restriction of XML External Entity Reference. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
CVE-2022-0839
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0...
CVE-2021-3878 Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
ICSA-21-063-02_Schneider Electric EcoStruxure Building Operation (EBO)
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Building Operation Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity...
Siemens JT2Go and Teamcenter Visualization (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization --------- Begin Update B Part 1 of 2 --------- Vulnerabilities: Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-Bounds Write,...
Advantech WISE-PaaS/RMM
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WISE-PaaS/RMM Vulnerabilities: Path Traversal, Missing Authorization, Improper Restriction of XML External Entity Reference, SQL Injection 2. RISK EVALUATION Successful...
Fr. Sauter AG CASE Suite
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fr. Sauter AG Equipment: CASE Suite Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Adobe ColdFusion 11.x < 11u13 / 2016.x < 2016u5 Multiple Vulnerabilities (APSB17-30)
The version of Adobe ColdFusion running on the remote Windows host is 11.x prior to update 13 or 2016.x prior to update 5. It is, therefore, affected by multiple vulnerabilities: - A Java deserialization flaw exists that allows an unauthenticated, remote attacker to execute arbitrary code...