CWE-611 vulnerabilities
573 results

CVE-2025-8355 | HIGH | XXE leading to SSRF | EPSS 6.9%
CVE-2023-20052 | MEDIUM | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of Cl | EPSS 6.7%
CVE-2026-20029 | MEDIUM | Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability | EPSS 5.6%
CVE-2021-23901 | — | An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser | EPSS 4.4%
CVE-2020-1693 | HIGH | A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthe | EPSS 4.2%
CVE-2022-46300 | MEDIUM | CVE-2022-46300 | EPSS 4.1%
CVE-2019-3773 | — | Spring Web Services XML External Entity Injection (XXE) | EPSS 4.1%
CVE-2018-4942 | HIGH | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity | EPSS 4.1%
CVE-2023-46265 | MEDIUM | An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | EPSS 4.0%
CVE-2017-3206 | — | The Action Message Format (AMF3) deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages | EPSS 3.7%
CVE-2023-45727 | HIGH | Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1 | EPSS 3.5% | KEV
CVE-2020-7032 | MEDIUM | Avaya WebLM Improper Restriction of XML External Entity Reference | EPSS 3.5%
CVE-2022-40771 | MEDIUM | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclo | EPSS 3.5%
CVE-2021-40439 | — | Billion Laughs | EPSS 3.4%
CVE-2025-49493 | MEDIUM | Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection. | EPSS 3.4%
CVE-2020-8256 | — | A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file readi | EPSS 3.4%
CVE-2022-45876 | MEDIUM | CVE-2022-45876 | EPSS 3.3%
CVE-2021-40722 | CRITICAL | AEM Forms Improper Restriction of XML External Entity Reference | EPSS 3.3%
CVE-2023-28340 | MEDIUM | Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | EPSS 3.2%
CVE-2023-22624 | HIGH | Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | EPSS 3.2%