CWE-611 (Improper Restriction of XML External Entity Reference (XXE)) — Vulnerability Class 417

417 vulnerabilities classified as CWE-611 (Improper Restriction of XML External Entity Reference (XXE)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31039 | WordPress Category Icon plugin <= 1.0.3 - XML External Entity (XXE) vulnerability — Category Icon | 9.1 | Critical | 2025-06-09 |
| CVE-2025-5877 | Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference — Feng Office | 6.3 | Medium | 2025-06-09 |
| CVE-2025-48882 | PHPOffice Math allows XXE when processing an XML file in the MathML format — Math | 9.8 (AI) | Critical (AI) | 2025-05-30 |
| CVE-2025-4338 | Lantronix Device Installer Improper Restriction of XML External Entity Reference — Device Installer | 6.8 | Medium | 2025-05-22 |
| CVE-2025-4949 | XXE vulnerability in Eclipse JGit — Eclipse JGit | 9.8 (AI) | Critical (AI) | 2025-05-21 |
| CVE-2025-27523 | XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager — JP1/IT Desktop Management 2 - Smart Device Manager | 8.7 | High | 2025-05-15 |
| CVE-2025-4641 | XML External Entity (XXE) injection vulnerability in WebDriverManager — webdrivermanager | 7.5 (AI) | High (AI) | 2025-05-14 |
| CVE-2025-4639 | Improper Restriction of XML External Entity Reference in Peergos — Peergos | 9.1 (AI) | Critical (AI) | 2025-05-14 |
| CVE-2025-47778 | Sulu vulnerable to XXE in SVG File upload Inspector — sulu | 3.8 (AI) | Low (AI) | 2025-05-14 |
| CVE-2024-51445 | Siemens Polarion code issue vulnerability — Polarion V2310 | 6.5 | Medium | 2025-05-13 |
| CVE-2025-30018 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) — SAP Supplier Relationship Management (Live Auction Cockpit) | 8.6 | High | 2025-05-13 |
| CVE-2025-2777 | SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection — SysAid On-Prem | 9.3 | Critical | 2025-05-07 |
| CVE-2025-2776 | SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection — SysAid On-Prem | 9.3 | Critical | 2025-05-07 |
| CVE-2025-2775 | SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection — SysAid On-Prem | 9.3 | Critical | 2025-05-07 |
| CVE-2025-22478 | Dell Storage Manager code issue vulnerability — Dell Storage Center - Dell Storage Manager | 8.1 | High | 2025-05-06 |
| CVE-2025-46726 | Langroid Vulnerable to XXE Injection via XMLToolMessage — langroid | 8.1 (AI) | High (AI) | 2025-05-05 |
| CVE-2025-2905 | An XML External Entity (XXE) vulnerability in Multiple WSO2 Products — WSO2 API Manager | 9.1 | Critical | 2025-05-05 |
| CVE-2025-34490 | GFI MailEssentials < 21.8 XXE Arbitrary File Read — MailEssentials | 6.5 | Medium | 2025-04-28 |
| CVE-2025-2070 | Lenovo Filez code issue vulnerability — Client | 5.0 | Medium | 2025-04-25 |
| CVE-2025-24911 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference — Pentaho Business Analytics Server | 4.9 | Medium | 2025-04-16 |
| CVE-2025-24910 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference — Pentaho Business Analytics Server | 4.9 | Medium | 2025-04-16 |
| CVE-2025-31497 | TEIGarage XML External Entity (XXE) Injection in Document Conversion Service — TEIGarage | 7.5 | High | 2025-04-15 |
| CVE-2025-32406 | Nakivo Backup & Replication code issue vulnerability — Backup & Replication Director | 8.6 | High | 2025-04-08 |
| CVE-2025-32138 | WordPress Easy Google Maps plugin <= 1.11.18 - XML External Entity vulnerability — Easy Google Maps | 6.6 | Medium | 2025-04-04 |
| CVE-2025-3241 | zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference — youkefu | 6.3 | Medium | 2025-04-04 |
| CVE-2025-31487 | The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server — jira | 7.7 | High | 2025-04-03 |
| CVE-2025-1781 | CSS Validator security vulnerability — CSS Validator | 6.5 | - | 2025-03-28 |
| CVE-2025-29932 | JetBrains GoLand code issue vulnerability — GoLand | 4.1 | Medium | 2025-03-25 |
| CVE-2025-25036 | Jalios JPlatform 10 Authenticated XML External Entity Injection (XXE) — JPlatform | 6.8 | Medium | 2025-03-21 |
| CVE-2025-2365 | crmeb_java WeChatMessageController.java webHook xml external entity reference — crmeb_java | 6.3 | Medium | 2025-03-17 |

Vulnerabilities classified as CWE-611 (Improper Restriction of XML External Entity Reference (XXE)) represent 417 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.