Falhas do tipo CWE-611
571 resultadosCVE-2025-30220CRITICALGeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handlingEPSS 49.2%CVE-2022-42341HIGHAdobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system readEPSS 35.5%CVE-2024-6893HIGHJournyx Unauthenticated XML External Entities InjectionEPSS 32.9%CVE-2025-11700HIGHN-central Multiple XXE Injection VulnerabilitiesEPSS 31.0%CVE-2019-13608HIGHCitrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.EPSS 28.0%KEVCVE-2016-9563MEDIUMBC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tEPSS 23.8%KEVCVE-2025-68493HIGHApache Struts, Apache Struts: XXE vulnerability in outdated XWork componentEPSS 22.5%CVE-2018-0878LOWWindows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2EPSS 21.9%CVE-2022-43473MEDIUMA blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially cEPSS 19.8%CVE-2018-10613—Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and EPSS 18.3%CVE-2020-25649—A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XEPSS 17.6%CVE-2019-10172MEDIUMA flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also EPSS 17.0%CVE-2019-13990CRITICALinitDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job descriptEPSS 16.6%CVE-2022-36969MEDIUMThis vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2EPSS 13.7%CVE-2022-38840HIGHcgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to lEPSS 9.8%CVE-2020-15418HIGHThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. AutEPSS 9.4%CVE-2025-54445HIGHImproper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request ForEPSS 9.2%CVE-2022-3980CRITICALAn XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed oEPSS 8.1%CVE-2022-31678CRITICALVMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may alloEPSS 8.1%CVE-2018-20843HIGHIn libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a hEPSS 7.1%