Fallos del tipo CWE-611
573 resultadosCVE-2023-36419HIGHAzure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege VulnerabilityEPSS 1.7%CVE-2025-7766HIGHLantronix Provisioning Manager Improper Restriction of XML External Entity ReferenceEPSS 1.7%CVE-2022-21949HIGHMultiple XXE vulnerabilities in OBSEPSS 1.7%CVE-2018-17912—An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosureEPSS 1.6%CVE-2021-41098HIGHImproper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRubyEPSS 1.6%CVE-2020-12025—Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, whEPSS 1.5%CVE-2018-12471MEDIUMExternal Entity processing in the RegistrationSharing moduleEPSS 1.5%CVE-2023-38490MEDIUMKirby XML External Entity (XXE) vulnerability in the XML data handlerEPSS 1.5%CVE-2024-10839HIGHXML External EntityEPSS 1.5%CVE-2023-22274HIGHZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure VulnerabilityEPSS 1.5%CVE-2022-23640CRITICALImproper Restriction of XML External Entity Reference in Excel-Streaming-ReaderEPSS 1.4%CVE-2023-22832HIGHApache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributesEPSS 1.4%CVE-2022-24898MEDIUMArbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xmlEPSS 1.4%CVE-2012-1102—It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untEPSS 1.4%CVE-2021-21517HIGHSRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes EPSS 1.4%CVE-2022-40705HIGHApache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTPEPSS 1.4%CVE-2023-26999CRITICALAn issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a craftedEPSS 1.4%CVE-2018-17247—Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing exteEPSS 1.4%CVE-2023-25926MEDIUMIBM Security Guardium Key Lifecycle Manager XML external entity injectionEPSS 1.4%CVE-2022-0272HIGHImproper Restriction of XML External Entity Reference in detekt/detektEPSS 1.4%