Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-47898 |
|
XXE (XML External Entity) in csharp (CVE-2026-47898)
vulnerability in csharp (CVE-2026-47898). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13449 |
|
XXE (XML External Entity) in ibm (CVE-2026-13449)
vulnerability in ibm (CVE-2026-13449). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-58175 |
|
Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175). Confidential information can be exposed externally. Exploitable via ``ENTITY_RESOLUTION_ALLOWLIST``. Mitigation: upgrade to `2.27.3` or later.
|
| CVE-2026-49875 |
|
XXE (XML External Entity) in apache (CVE-2026-49875)
vulnerability in apache (CVE-2026-49875). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47960 |
|
XXE (XML External Entity) in adobe (CVE-2026-47960)
vulnerability in adobe (CVE-2026-47960). Confidential information can be exposed externally.
|
| CVE-2026-8045 |
|
XXE (XML External Entity) in schneider-electric (CVE-2026-8045)
vulnerability in schneider-electric (CVE-2026-8045). Confidential information can be exposed externally.
|
| CVE-2026-49383 |
|
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
|
| CVE-2026-3603 |
|
XXE (XML External Entity) in ibm (CVE-2026-3603)
vulnerability in ibm (CVE-2026-3603). Confidential information can be exposed externally.
|
| CVE-2026-26171 |
|
Vulnerability in dotnet (CVE-2026-26171)
vulnerability in dotnet (CVE-2026-26171). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2022-21282 |
|
XXE (XML External Entity) in java (CVE-2022-21282)
vulnerability in java (CVE-2022-21282). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.331, 8.0.321, 11.0.14, 17.0.2` or later.
|
| CVE-2026-40682 |
|
XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-22016 |
|
Information Disclosure in c (CVE-2026-22016)
vulnerability in c (CVE-2026-22016). Confidential information can be exposed externally.
|
| CVE-2025-68493 |
|
XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
|
| CVE-2025-58360 KEV |
|
[KEV] XXE (XML External Entity) in Osgeo geoserver (CVE-2025-58360)
vulnerability in Osgeo geoserver (CVE-2025-58360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61821 |
|
XXE (XML External Entity) in adobe (CVE-2025-61821)
vulnerability in adobe (CVE-2025-61821). Confidential information can be exposed externally.
|
| CVE-2025-61813 |
|
XXE (XML External Entity) in adobe (CVE-2025-61813)
vulnerability in adobe (CVE-2025-61813). Confidential information can be exposed externally.
|
| CVE-2025-2776 KEV |
|
[KEV] XXE (XML External Entity) in sysaid (CVE-2025-2776)
vulnerability in sysaid (CVE-2025-2776). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2775 KEV |
|
[KEV] XXE (XML External Entity) in sysaid (CVE-2025-2775)
vulnerability in sysaid (CVE-2025-2775). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-45727 KEV |
|
[KEV] XXE (XML External Entity) in North grid north-grid (CVE-2023-45727)
vulnerability in North grid north-grid (CVE-2023-45727). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-34102 KEV |
|
[KEV] XXE (XML External Entity) in Adobe commerce-and-magento-open-source (CVE-2024-34102)
vulnerability in Adobe commerce-and-magento-open-source (CVE-2024-34102). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-25912 |
|
XXE (XML External Entity) in dos (CVE-2020-25912)
vulnerability in dos (CVE-2020-25912). Confidential information can be exposed externally.
|
| CVE-2022-22977 |
|
XXE (XML External Entity) in vmware (CVE-2022-22977)
vulnerability in vmware (CVE-2022-22977). Confidential information can be exposed externally.
|
| CVE-2019-9670 KEV |
|
[KEV] XXE (XML External Entity) in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9670)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9670). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-13608 KEV |
|
[KEV] XXE (XML External Entity) in Citrix storefront-server (CVE-2019-13608)
vulnerability in Citrix storefront-server (CVE-2019-13608). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-9563 KEV |
|
[KEV] XXE (XML External Entity) in Sap netweaver (CVE-2016-9563)
vulnerability in Sap netweaver (CVE-2016-9563). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-1259 |
|
XXE (XML External Entity) in broadcom (CVE-2018-1259)
vulnerability in broadcom (CVE-2018-1259). Confidential information can be exposed externally.
|
| CVE-2014-3630 |
|
XXE (XML External Entity) in dos (CVE-2014-3630)
vulnerability in dos (CVE-2014-3630). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11286 |
|
XXE (XML External Entity) in adobe (CVE-2017-11286)
vulnerability in adobe (CVE-2017-11286). Confidential information can be exposed externally.
|
| CVE-2017-1477 |
|
XXE (XML External Entity) in ibm (CVE-2017-1477)
vulnerability in ibm (CVE-2017-1477). Confidential information can be exposed externally.
|
| CVE-2014-3600 |
|
XXE (XML External Entity) in apache (CVE-2014-3600)
vulnerability in apache (CVE-2014-3600). Successful exploitation can lead to full system takeover.
|
| CVE-2014-3579 |
|
XXE (XML External Entity) in apache (CVE-2014-3579)
vulnerability in apache (CVE-2014-3579). Successful exploitation can lead to full system takeover.
|
| CVE-2016-5002 |
|
XXE (XML External Entity) in apache (CVE-2016-5002)
vulnerability in apache (CVE-2016-5002). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12629 |
|
XXE (XML External Entity) in c (CVE-2017-12629)
vulnerability in c (CVE-2017-12629). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10617 |
|
XXE (XML External Entity) in c (CVE-2017-10617)
vulnerability in c (CVE-2017-10617). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12623 |
|
XXE (XML External Entity) in apache (CVE-2017-12623)
vulnerability in apache (CVE-2017-12623). Confidential information can be exposed externally.
|
| CVE-2014-0030 |
|
XXE (XML External Entity) in apache (CVE-2014-0030)
vulnerability in apache (CVE-2014-0030). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12620 |
|
XXE (XML External Entity) in apache (CVE-2017-12620)
vulnerability in apache (CVE-2017-12620). Successful exploitation can lead to full system takeover.
|
| CVE-2016-4434 |
|
XXE (XML External Entity) in apache (CVE-2016-4434)
vulnerability in apache (CVE-2016-4434). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12621 |
|
XXE (XML External Entity) in apache (CVE-2017-12621)
vulnerability in apache (CVE-2017-12621). Successful exploitation can lead to full system takeover.
|
| CVE-2017-1527 |
|
XXE (XML External Entity) in ibm (CVE-2017-1527)
vulnerability in ibm (CVE-2017-1527). Confidential information can be exposed externally.
|
| CVE-2017-8710 |
|
XXE (XML External Entity) in microsoft (CVE-2017-8710)
vulnerability in microsoft (CVE-2017-8710). Confidential information can be exposed externally.
|
| CVE-2017-8040 |
|
XXE (XML External Entity) in vmware (CVE-2017-8040)
vulnerability in vmware (CVE-2017-8040). Confidential information can be exposed externally.
|
| CVE-2017-12216 |
|
Information Disclosure in cisco (CVE-2017-12216)
vulnerability in cisco (CVE-2017-12216). Successful exploitation can lead to full system takeover.
|
| CVE-2015-7241 |
|
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
|
| CVE-2017-1458 |
|
XXE (XML External Entity) in ibm (CVE-2017-1458)
vulnerability in ibm (CVE-2017-1458). Confidential information can be exposed externally.
|
| CVE-2017-12069 |
|
XXE (XML External Entity) in csharp (CVE-2017-12069)
vulnerability in csharp (CVE-2017-12069). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11272 |
|
Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.
Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.
|
| CVE-2016-8739 |
|
XXE (XML External Entity) in apache (CVE-2016-8739)
vulnerability in apache (CVE-2016-8739). Confidential information can be exposed externally.
|
| CVE-2017-1192 |
|
XXE (XML External Entity) in ibm (CVE-2017-1192)
vulnerability in ibm (CVE-2017-1192). Confidential information can be exposed externally.
|
| CVE-2010-2245 |
|
XXE (XML External Entity) in apache (CVE-2010-2245)
vulnerability in apache (CVE-2010-2245). Confidential information can be exposed externally.
|