Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-611 Clear
ID Title
CVE-2026-57259 XXE (XML External Entity) in CVE-2026-57259 (CVE-2026-57259)
vulnerability in CVE-2026-57259 (CVE-2026-57259). Confidential information can be exposed externally.
CVE-2026-47898 XXE (XML External Entity) in csharp (CVE-2026-47898)
vulnerability in csharp (CVE-2026-47898). Successful exploitation can lead to full system takeover.
CVE-2026-13449 XXE (XML External Entity) in ibm (CVE-2026-13449)
vulnerability in ibm (CVE-2026-13449). Risk of unauthorized operations or information disclosure.
CVE-2026-12975 XXE (XML External Entity) in ssrf (CVE-2026-12975)
vulnerability in ssrf (CVE-2026-12975). Risk of unauthorized operations or information disclosure.
CVE-2026-57234 Vulnerability in ssrf (CVE-2026-57234)
vulnerability in ssrf (CVE-2026-57234). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-56701 XXE (XML External Entity) in CVE-2026-56701 (CVE-2026-56701)
vulnerability in CVE-2026-56701 (CVE-2026-56701). Confidential information can be exposed externally.
CVE-2026-6653 Use-After-Free in CVE-2026-6653 (CVE-2026-6653)
vulnerability in CVE-2026-6653 (CVE-2026-6653). Risk of unauthorized operations or information disclosure.
CVE-2026-12788 Vulnerability in CVE-2026-12788 (CVE-2026-12788)
vulnerability in CVE-2026-12788 (CVE-2026-12788). Risk of unauthorized operations or information disclosure.
CVE-2026-48981 XXE (XML External Entity) in CVE-2026-48981 (CVE-2026-48981)
vulnerability in CVE-2026-48981 (CVE-2026-48981). Confidential information can be exposed externally.
CVE-2026-55471 XXE (XML External Entity) in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471). Risk of unauthorized operations or information disclosure. Exploitable via `GET /evil-fhir-xslt-ssrf.dtd`. Mitigation: upgrade to `6.9.10` or later.
CVE-2025-58175 Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175). Confidential information can be exposed externally. Exploitable via ``ENTITY_RESOLUTION_ALLOWLIST``. Mitigation: upgrade to `2.27.3` or later.
CVE-2026-49875 XXE (XML External Entity) in apache (CVE-2026-49875)
vulnerability in apache (CVE-2026-49875). Successful exploitation can lead to full system takeover.
CVE-2026-40998 XXE (XML External Entity) in CVE-2026-40998 (CVE-2026-40998)
vulnerability in CVE-2026-40998 (CVE-2026-40998). Confidential information can be exposed externally.
CVE-2026-40991 XXE (XML External Entity) in CVE-2026-40991 (CVE-2026-40991)
vulnerability in CVE-2026-40991 (CVE-2026-40991). Confidential information can be exposed externally.
CVE-2026-47960 XXE (XML External Entity) in adobe (CVE-2026-47960)
vulnerability in adobe (CVE-2026-47960). Confidential information can be exposed externally.
CVE-2026-8045 XXE (XML External Entity) in schneider-electric (CVE-2026-8045)
vulnerability in schneider-electric (CVE-2026-8045). Confidential information can be exposed externally.
CVE-2026-44020 Vulnerability in docling (CVE-2026-44020)
vulnerability in docling (CVE-2026-44020). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.74.0` or later.
CVE-2026-44018 Vulnerability in docling (CVE-2026-44018)
vulnerability in docling (CVE-2026-44018). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.91.0` or later.
CVE-2026-49383 In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
CVE-2026-3603 XXE (XML External Entity) in ibm (CVE-2026-3603)
vulnerability in ibm (CVE-2026-3603). Confidential information can be exposed externally.
CVE-2026-46722 XXE (XML External Entity) in tpwd/ke_search (CVE-2026-46722)
vulnerability in tpwd/ke_search (CVE-2026-46722). Risk of unauthorized operations or information disclosure. Exploitable via ``ke_search``. Mitigation: upgrade to `4.6.7` or later.
CVE-2026-39053 XXE (XML External Entity) in ssrf (CVE-2026-39053)
vulnerability in ssrf (CVE-2026-39053). Risk of unauthorized operations or information disclosure.
CVE-2026-44445 XXE (XML External Entity) in frappe (CVE-2026-44445)
vulnerability in frappe (CVE-2026-44445). Confidential information can be exposed externally. Mitigation: upgrade to `15.104.3` or later.
CVE-2026-42212 Vulnerability in csharp (CVE-2026-42212)
vulnerability in csharp (CVE-2026-42212). Risk of unauthorized operations or information disclosure.
CVE-2026-26171 Vulnerability in dotnet (CVE-2026-26171)
vulnerability in dotnet (CVE-2026-26171). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
CVE-2023-42344 XXE (XML External Entity) in org.opencms:opencms-core (CVE-2023-42344)
vulnerability in org.opencms:opencms-core (CVE-2023-42344). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.1` or later.
CVE-2023-42346 Vulnerability in CVE-2023-42346 (CVE-2023-42346)
vulnerability in CVE-2023-42346 (CVE-2023-42346). Risk of unauthorized operations or information disclosure.
CVE-2022-21282 XXE (XML External Entity) in java (CVE-2022-21282)
vulnerability in java (CVE-2022-21282). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.331, 8.0.321, 11.0.14, 17.0.2` or later.
CVE-2026-41895 XXE (XML External Entity) in changedetection.io (CVE-2026-41895)
vulnerability in changedetection.io (CVE-2026-41895). Confidential information can be exposed externally. Exploitable via ``XXE``.
CVE-2026-40682 XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
CVE-2025-14543 XXE (XML External Entity) in rti (CVE-2025-14543)
vulnerability in rti (CVE-2025-14543). Confidential information can be exposed externally.
CVE-2024-13971 XXE (XML External Entity) in lobster-world (CVE-2024-13971)
vulnerability in lobster-world (CVE-2024-13971). Confidential information can be exposed externally.
CVE-2024-39847 XXE (XML External Entity) in 4d (CVE-2024-39847)
vulnerability in 4d (CVE-2024-39847). Confidential information can be exposed externally.
CVE-2026-22016 Information Disclosure in c (CVE-2026-22016)
vulnerability in c (CVE-2026-22016). Confidential information can be exposed externally.
CVE-2026-4374 XXE (XML External Entity) in rti (CVE-2026-4374)
vulnerability in rti (CVE-2026-4374). Confidential information can be exposed externally.
CVE-2026-4980 XXE (XML External Entity) in inkscape (CVE-2026-4980)
vulnerability in inkscape (CVE-2026-4980). Confidential information can be exposed externally.
CVE-2026-28809 XXE (XML External Entity) in esaml (CVE-2026-28809)
vulnerability in esaml (CVE-2026-28809). Risk of unauthorized operations or information disclosure.
CVE-2025-68493 XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
CVE-2025-68463 XXE (XML External Entity) in CVE-2025-68463 (CVE-2025-68463)
vulnerability in CVE-2025-68463 (CVE-2025-68463). Risk of unauthorized operations or information disclosure.
CVE-2025-58360 KEV [KEV] XXE (XML External Entity) in Osgeo geoserver (CVE-2025-58360)
vulnerability in Osgeo geoserver (CVE-2025-58360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-61821 XXE (XML External Entity) in adobe (CVE-2025-61821)
vulnerability in adobe (CVE-2025-61821). Confidential information can be exposed externally.
CVE-2025-61813 XXE (XML External Entity) in adobe (CVE-2025-61813)
vulnerability in adobe (CVE-2025-61813). Confidential information can be exposed externally.
CVE-2025-2775 KEV [KEV] XXE (XML External Entity) in sysaid (CVE-2025-2775)
vulnerability in sysaid (CVE-2025-2775). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-2776 KEV [KEV] XXE (XML External Entity) in sysaid (CVE-2025-2776)
vulnerability in sysaid (CVE-2025-2776). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-52162 XXE (XML External Entity) in CVE-2025-52162 (CVE-2025-52162)
vulnerability in CVE-2025-52162 (CVE-2025-52162). Risk of unauthorized operations or information disclosure.
CVE-2024-55875 Information Disclosure in org.http4k:http4k-format-xml (CVE-2024-55875)
vulnerability in org.http4k:http4k-format-xml (CVE-2024-55875). Successful exploitation can lead to full system takeover. Exploitable via ``DocumentBuilderFactory``. Mitigation: upgrade to `6.50.0.0` or later.
CVE-2023-45727 KEV [KEV] XXE (XML External Entity) in North grid north-grid (CVE-2023-45727)
vulnerability in North grid north-grid (CVE-2023-45727). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-7098 XXE (XML External Entity) in sfs (CVE-2024-7098)
vulnerability in sfs (CVE-2024-7098). Successful exploitation can lead to full system takeover.
CVE-2024-45490 Vulnerability in c (CVE-2024-45490)
vulnerability in c (CVE-2024-45490). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →