CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

709 matches found

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7.2AI score0.24257EPSS

Exploits0References5

Positive Technologies•added 2026/05/22 12:0 a.m.•11 views

PT-2026-42754

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.7AI score0.00416EPSS

Exploits0References3

OSV•added 2026/05/06 2:44 p.m.•2 views

BIT-JAVA-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01172EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 12:39 p.m.•10 views

CVE-2023-29443

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...

4.9CVSS6.7AI score0.03026EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:23 p.m.•5 views

CVE-2018-14485

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd...

9.8CVSS6.9AI score0.16287EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 11:28 a.m.•8 views

CVE-2021-33208

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file...

7.2CVSS6.9AI score0.01106EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:24 a.m.•8 views

CVE-2021-28973

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks...

4.9CVSS6.9AI score0.00891EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:52 a.m.•7 views

CVE-2020-10799

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call...

9.8CVSS6.9AI score0.01448EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:7 a.m.•7 views

CVE-2020-24591

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0...

6.5CVSS6.9AI score0.01033EPSS

Exploits0References1

Tenable Nessus•added 2025/11/13 12:0 a.m.•5 views

Siemens SIMATIC S7-1500 Improper Restriction of XML External Entity Reference (CVE-2016-9318)

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity XXE attacks via a crafte...

5.5CVSS6.8AI score0.02938EPSS

Exploits1References4

Vulnrichment•added 2025/10/29 1:29 p.m.•2 views

CVE-2025-64134

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity XXE attacks...

6.6AI score0.00292EPSS

Exploits0References1