Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: cwe-611 Clear
ID Title
CVE-2026-47898 XXE (XML External Entity) in csharp (CVE-2026-47898)
vulnerability in csharp (CVE-2026-47898). Risk of unauthorized operations or information disclosure.
CVE-2026-13449 XXE (XML External Entity) in ibm (CVE-2026-13449)
vulnerability in ibm (CVE-2026-13449). Risk of unauthorized operations or information disclosure.
CVE-2025-58175 Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175). Confidential information can be exposed externally. Exploitable via ``ENTITY_RESOLUTION_ALLOWLIST``. Mitigation: upgrade to `2.27.3` or later.
CVE-2026-49875 XXE (XML External Entity) in apache (CVE-2026-49875)
vulnerability in apache (CVE-2026-49875). Successful exploitation can lead to full system takeover.
CVE-2026-47960 XXE (XML External Entity) in adobe (CVE-2026-47960)
vulnerability in adobe (CVE-2026-47960). Confidential information can be exposed externally.
CVE-2026-8045 XXE (XML External Entity) in schneider-electric (CVE-2026-8045)
vulnerability in schneider-electric (CVE-2026-8045). Confidential information can be exposed externally.
CVE-2026-49383 In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-3603 XXE (XML External Entity) in ibm (CVE-2026-3603)
vulnerability in ibm (CVE-2026-3603). Confidential information can be exposed externally.
CVE-2026-26171 Vulnerability in dotnet (CVE-2026-26171)
vulnerability in dotnet (CVE-2026-26171). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
CVE-2022-21282 XXE (XML External Entity) in java (CVE-2022-21282)
vulnerability in java (CVE-2022-21282). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.331, 8.0.321, 11.0.14, 17.0.2` or later.
CVE-2026-40682 XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
CVE-2026-22016 Information Disclosure in c (CVE-2026-22016)
vulnerability in c (CVE-2026-22016). Confidential information can be exposed externally.
CVE-2025-68493 XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
CVE-2025-58360 KEV [KEV] XXE (XML External Entity) in Osgeo geoserver (CVE-2025-58360)
vulnerability in Osgeo geoserver (CVE-2025-58360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-61821 XXE (XML External Entity) in adobe (CVE-2025-61821)
vulnerability in adobe (CVE-2025-61821). Confidential information can be exposed externally.
CVE-2025-61813 XXE (XML External Entity) in adobe (CVE-2025-61813)
vulnerability in adobe (CVE-2025-61813). Confidential information can be exposed externally.
CVE-2025-2776 KEV [KEV] XXE (XML External Entity) in sysaid (CVE-2025-2776)
vulnerability in sysaid (CVE-2025-2776). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-2775 KEV [KEV] XXE (XML External Entity) in sysaid (CVE-2025-2775)
vulnerability in sysaid (CVE-2025-2775). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-45727 KEV [KEV] XXE (XML External Entity) in North grid north-grid (CVE-2023-45727)
vulnerability in North grid north-grid (CVE-2023-45727). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-34102 KEV [KEV] XXE (XML External Entity) in Adobe commerce-and-magento-open-source (CVE-2024-34102)
vulnerability in Adobe commerce-and-magento-open-source (CVE-2024-34102). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-25912 XXE (XML External Entity) in dos (CVE-2020-25912)
vulnerability in dos (CVE-2020-25912). Confidential information can be exposed externally.
CVE-2022-22977 XXE (XML External Entity) in vmware (CVE-2022-22977)
vulnerability in vmware (CVE-2022-22977). Confidential information can be exposed externally.
CVE-2019-9670 KEV [KEV] XXE (XML External Entity) in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9670)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9670). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-13608 KEV [KEV] XXE (XML External Entity) in Citrix storefront-server (CVE-2019-13608)
vulnerability in Citrix storefront-server (CVE-2019-13608). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-9563 KEV [KEV] XXE (XML External Entity) in Sap netweaver (CVE-2016-9563)
vulnerability in Sap netweaver (CVE-2016-9563). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-1259 XXE (XML External Entity) in broadcom (CVE-2018-1259)
vulnerability in broadcom (CVE-2018-1259). Confidential information can be exposed externally.
CVE-2014-3630 XXE (XML External Entity) in dos (CVE-2014-3630)
vulnerability in dos (CVE-2014-3630). Successful exploitation can lead to full system takeover.
CVE-2017-11286 XXE (XML External Entity) in adobe (CVE-2017-11286)
vulnerability in adobe (CVE-2017-11286). Confidential information can be exposed externally.
CVE-2017-1477 XXE (XML External Entity) in ibm (CVE-2017-1477)
vulnerability in ibm (CVE-2017-1477). Confidential information can be exposed externally.
CVE-2014-3600 XXE (XML External Entity) in apache (CVE-2014-3600)
vulnerability in apache (CVE-2014-3600). Successful exploitation can lead to full system takeover.
CVE-2014-3579 XXE (XML External Entity) in apache (CVE-2014-3579)
vulnerability in apache (CVE-2014-3579). Successful exploitation can lead to full system takeover.
CVE-2016-5002 XXE (XML External Entity) in apache (CVE-2016-5002)
vulnerability in apache (CVE-2016-5002). Successful exploitation can lead to full system takeover.
CVE-2017-12629 XXE (XML External Entity) in c (CVE-2017-12629)
vulnerability in c (CVE-2017-12629). Successful exploitation can lead to full system takeover.
CVE-2017-10617 XXE (XML External Entity) in c (CVE-2017-10617)
vulnerability in c (CVE-2017-10617). Risk of unauthorized operations or information disclosure.
CVE-2017-12623 XXE (XML External Entity) in apache (CVE-2017-12623)
vulnerability in apache (CVE-2017-12623). Confidential information can be exposed externally.
CVE-2014-0030 XXE (XML External Entity) in apache (CVE-2014-0030)
vulnerability in apache (CVE-2014-0030). Successful exploitation can lead to full system takeover.
CVE-2017-12620 XXE (XML External Entity) in apache (CVE-2017-12620)
vulnerability in apache (CVE-2017-12620). Successful exploitation can lead to full system takeover.
CVE-2016-4434 XXE (XML External Entity) in apache (CVE-2016-4434)
vulnerability in apache (CVE-2016-4434). Successful exploitation can lead to full system takeover.
CVE-2017-12621 XXE (XML External Entity) in apache (CVE-2017-12621)
vulnerability in apache (CVE-2017-12621). Successful exploitation can lead to full system takeover.
CVE-2017-1527 XXE (XML External Entity) in ibm (CVE-2017-1527)
vulnerability in ibm (CVE-2017-1527). Confidential information can be exposed externally.
CVE-2017-8710 XXE (XML External Entity) in microsoft (CVE-2017-8710)
vulnerability in microsoft (CVE-2017-8710). Confidential information can be exposed externally.
CVE-2017-8040 XXE (XML External Entity) in vmware (CVE-2017-8040)
vulnerability in vmware (CVE-2017-8040). Confidential information can be exposed externally.
CVE-2017-12216 Information Disclosure in cisco (CVE-2017-12216)
vulnerability in cisco (CVE-2017-12216). Successful exploitation can lead to full system takeover.
CVE-2015-7241 XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2017-1458 XXE (XML External Entity) in ibm (CVE-2017-1458)
vulnerability in ibm (CVE-2017-1458). Confidential information can be exposed externally.
CVE-2017-12069 XXE (XML External Entity) in csharp (CVE-2017-12069)
vulnerability in csharp (CVE-2017-12069). Risk of unauthorized operations or information disclosure.
CVE-2017-11272 Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.
Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.
CVE-2016-8739 XXE (XML External Entity) in apache (CVE-2016-8739)
vulnerability in apache (CVE-2016-8739). Confidential information can be exposed externally.
CVE-2017-1192 XXE (XML External Entity) in ibm (CVE-2017-1192)
vulnerability in ibm (CVE-2017-1192). Confidential information can be exposed externally.
CVE-2010-2245 XXE (XML External Entity) in apache (CVE-2010-2245)
vulnerability in apache (CVE-2010-2245). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →