Weaknesses of type CWE-91
72 resultsCVE-2025-66034MEDIUMfontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLibEPSS 0.5%CVE-2024-33858MEDIUMAn issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_naEPSS 0.5%CVE-2025-24404HIGHApache HertzBeat (incubating): RCE by parse http sitemap xml responseEPSS 0.5%CVE-2025-12921MEDIUMOpenClinica Community Edition CRF Data Import ImportCRFData xml injectionEPSS 0.5%CVE-2024-13190MEDIUMZeroWdd myblog BlogMapper.xml xml injectionEPSS 0.5%CVE-2025-25589HIGHAn XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackerEPSS 0.4%CVE-2026-34601HIGHxmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertionEPSS 0.4%CVE-2025-9375MEDIUMxmltodict 0.14.2 - XML InjectionEPSS 0.4%CVE-2026-41675HIGHxmldom: XML node injection through unvalidated processing instruction serializationEPSS 0.4%CVE-2025-1545HIGHWatchGuard Firebox XPath Injection Vulnerability in Web CGIEPSS 0.4%CVE-2026-40165HIGHauthentik: SAML NameID XML Comment Injection Enables Authentication Bypass via Identifier TruncationEPSS 0.4%CVE-2026-41674HIGHxmldom: XML injection through unvalidated DocumentType serializationEPSS 0.4%CVE-2026-46490HIGHsamlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML AssertionsEPSS 0.4%CVE-2023-40612MEDIUMAuthenticated XXE Injection Via The File EditorEPSS 0.4%CVE-2026-28770MEDIUMXML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101EPSS 0.4%CVE-2026-32870MEDIUMKirby has XML injection in its XML creator toolkitEPSS 0.3%CVE-2026-41672HIGHxmldom: XML node injection through unvalidated comment serializationEPSS 0.3%CVE-2025-60833MEDIUMAn XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary codEPSS 0.3%CVE-2023-27328HIGHParallels Desktop Toolgate XML Injection Local Privilege Escalation VulnerabilityEPSS 0.3%CVE-2025-7473MEDIUMXML InjectionEPSS 0.3%