CWE-611 (Improper Restriction of XML External Entity Reference (XXE)) — Vulnerability Class 417

417 vulnerabilities classified as CWE-611 (Improper Restriction of XML External Entity Reference (XXE)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41066 | lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files — lxml | 7.5 | High | 2026-04-24 |
| CVE-2026-40882 | OpenRemote has XXE in Velbus Asset Import — openremote | 7.6 | High | 2026-04-22 |
| CVE-2024-8010 | XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files — WSO2 API Manager | 3.5 | Low | 2026-04-16 |
| CVE-2024-2374 | XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service — WSO2 API Manager | 7.5 | High | 2026-04-16 |
| CVE-2026-33737 | Chamilo LMS has an XML External Entity (XXE) Injection — chamilo-lms | 5.3 | Medium | 2026-04-10 |
| CVE-2026-4374 | Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat... — Connext Professional | 9.8 AI | Critical AI | 2026-04-01 |
| CVE-2026-34401 | XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading — XmlNotepad | 6.5 | Medium | 2026-03-31 |
| CVE-2026-4980 | Improper Restriction of XML External Entity Reference in Inkscape — Inkscape | 6.3 | Medium | 2026-03-27 |
| CVE-2026-33913 | OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files — openemr | 7.7 | High | 2026-03-25 |
| CVE-2026-28809 | XXE in esaml SAML library allows local file read and potential SSRF — esaml | 9.1 | - | 2026-03-23 |
| CVE-2026-3511 | Autogram security vulnerability — Autogram | 8.6 | High | 2026-03-19 |
| CVE-2026-32251 | Tolgee has an XXE Injection in Translation Import — tolgee-platform | 6.5 AI | Medium AI | 2026-03-12 |
| CVE-2026-1567 | IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability — InfoSphere Information Server | 7.1 | High | 2026-03-03 |
| CVE-2026-3404 | thinkgem JeeSite Endpoint CasOutHandler.java xml external entity reference — JeeSite | 5.0 | Medium | 2026-03-02 |
| CVE-2026-2252 | XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF) — FreeFlow Core | 7.5 | High | 2026-02-27 |
| CVE-2025-36247 | IBM Db2 XML External Entity Reference — Db2 for Linux, UNIX and Windows | 7.1 | High | 2026-02-17 |
| CVE-2026-2536 | opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference — JFlow | 6.3 | Medium | 2026-02-16 |
| CVE-2020-37192 | MSN Password Recovery 1.30 - XML External Entity Injection — MSN Password Recovery | 6.2 | Medium | 2026-02-11 |
| CVE-2026-1227 | Schneider Electric EcoStruxure Building Operation Workstation code issue vulnerability — EcoStruxure Building Operation Workstation | 7.8 AI | High AI | 2026-02-11 |
| CVE-2026-2074 | O2OA HTTP POST Request check xml external entity reference — O2OA | 6.3 | Medium | 2026-02-07 |
| CVE-2026-23739 | Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection — asterisk | 2.0 | Low | 2026-02-06 |
| CVE-2026-23795 | Apache Syncope: Console XXE on Keymaster parameters — Apache Syncope | 4.9 AI | Medium AI | 2026-02-03 |
| CVE-2026-24400 | AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion — assertj | 9.8 AI | Critical AI | 2026-01-26 |
| CVE-2026-1218 | Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference — Zhiyou ERP | 6.3 | Medium | 2026-01-20 |
| CVE-2025-14478 | Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload — Demo Importer Plus | 7.5 | High | 2026-01-17 |
| CVE-2022-50899 | Geonetwork 4.2.0 - XML External Entity (XXE) — GeoNetwork | 6.5 | Medium | 2026-01-13 |
| CVE-2025-68493 | Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component — Apache Struts | 7.5 | - | 2026-01-11 |
| CVE-2026-22186 | Bio-Formats <= 8.3.0 XXE in Leica XLEF Metadata Parser — Bio-Formats | 8.4 | - | 2026-01-07 |
| CVE-2026-20029 | Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability — Cisco Identity Services Engine Software | 4.9 | Medium | 2026-01-07 |
| CVE-2025-36589 | Dell Unisphere for PowerMax code issue vulnerability — Unisphere for PowerMax | 7.6 | High | 2026-01-06 |

Vulnerabilities classified as CWE-611 (Improper Restriction of XML External Entity Reference (XXE)) represent 417 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.