CWE-611 (Improper Restriction of XML External Entity Reference (XXE)) — Vulnerability Class 417

417 vulnerabilities classified as CWE-611 (Improper Restriction of XML External Entity Reference (XXE)). AI Chinese analysis included.

| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-27136 | LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection — local-s3 | 8.1 | - | 2025-03-10 |
| CVE-2025-0162 | IBM Aspera Shares XML external entity injection — Aspera Shares | 7.1 | High | 2025-03-07 |
| CVE-2023-38693 | RCE in Lucee REST endpoint — Lucee | 9.8 | Critical | 2025-03-05 |
| CVE-2025-24521 | Keysight Ixia Vision Product Family Improper Restriction of XML External Entity Reference — Ixia Vision Product Family | 4.9 | Medium | 2025-03-05 |
| CVE-2024-49781 | IBM OpenPages XML external entity injection — OpenPages with Watson | 7.1 | High | 2025-02-20 |
| CVE-2023-47160 | IBM Cognos Controller XML external entity injection — Cognos Controller | 8.2 | High | 2025-02-19 |
| CVE-2024-25066 | RSA Authentication Manager security vulnerability — Authentication Manager | 4.3 | Medium | 2025-02-17 |
| CVE-2025-1225 | ywoa WXCallBack Interface XMLParse.java extract xml external entity reference — ywoa | 6.3 | Medium | 2025-02-12 |
| CVE-2024-54171 | IBM EntireX XML external entity injection — EntireX | 7.1 | High | 2025-02-06 |
| CVE-2024-49352 | IBM Cognos Analytics XML external entity injection — Cognos Analytics | 7.1 | High | 2025-02-05 |
| CVE-2024-52807 | XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` — fhir-ig-publisher | 8.6 | High | 2025-01-24 |
| CVE-2024-42185 | HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks — BigFix Patch Management Download Plug-ins | 2.5 | Low | 2025-01-23 |
| CVE-2025-23195 | Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie — Apache Ambari | 7.5 | - | 2025-01-21 |
| CVE-2024-12476 | Schneider Electric Web Designer code issue vulnerability — Web Designer for BMXNOR0200H | 7.8 | High | 2025-01-17 |
| CVE-2024-12298 | Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer — Programable Terminals NB-Designer | 5.5 | Medium | 2025-01-14 |
| CVE-2024-56324 | GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins — gocd | 6.5 | - | 2025-01-03 |
| CVE-2024-56322 | GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality — gocd | 6.7 | - | 2025-01-03 |
| CVE-2024-40896 | libxml2 security vulnerability — libxml2 | 7.5 (AI) | High (AI) | 2024-12-23 |
| CVE-2024-56356 | JetBrains TeamCity code issue vulnerability — TeamCity | 5.9 | Medium | 2024-12-20 |
| CVE-2021-22501 | OpenText Operations Bridge Manager security vulnerability — Operations Bridge Manager | 9.1 | - | 2024-12-19 |
| CVE-2024-55887 | Ucum-java has an XXE vulnerability in XML parsing — Ucum-java | 8.6 | High | 2024-12-13 |
| CVE-2024-49535 | Acrobat Reader \| Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) — Acrobat Reader | 6.3 | Medium | 2024-12-10 |
| CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 6.5 | Medium | 2024-12-10 |
| CVE-2024-54005 | Siemens Comos code issue vulnerability — COMOS V10.3 | 5.1 | Medium | 2024-12-10 |
| CVE-2024-49704 | Siemens Comos code issue vulnerability — COMOS V10.3 | 5.5 | Medium | 2024-12-10 |
| CVE-2024-47582 | XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA — SAP NetWeaver AS JAVA | 5.3 | Medium | 2024-12-10 |
| CVE-2024-52596 | SimpleSAMLphp xml-common XXE vulnerability — xml-common | 9.1 | - | 2024-12-02 |
| CVE-2024-52806 | SimpleSAMLphp SAML2 has an XXE in parsing SAML messages — saml2 | 8.3 | High | 2024-12-02 |
| CVE-2024-52800 | Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI — veraPDF-library | 7.8 | - | 2024-11-29 |
| CVE-2024-9044 | XML External Entity (XXE) Vulnerability in EasyTax — EasyTax | 9.8 | - | 2024-11-29 |

417 CVEs are classified as CWE-611 (Improper Restriction of XML External Entity Reference (XXE)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.