Falhas do tipo CWE-611
573 resultadosCVE-2018-17889—In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, theEPSS 1.2%CVE-2020-10629—WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive fEPSS 1.2%CVE-2014-125087MEDIUMjava-xmlbuilder xml external entity referenceEPSS 1.2%CVE-2023-45139HIGHfonttools XML External Entity Injection (XXE) VulnerabilityEPSS 1.2%CVE-2022-0239MEDIUMImproper Restriction of XML External Entity Reference in stanfordnlp/corenlpEPSS 1.2%CVE-2023-24443CRITICALJenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 1.2%CVE-2023-24441CRITICALJenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 1.2%CVE-2023-39472MEDIUMInductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure VulnerabilityEPSS 1.2%CVE-2023-24323HIGHMojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability.EPSS 1.2%CVE-2020-3256MEDIUMCisco Hosted Collaboration Mediation Fulfillment XML External Expansion VulnerabilityEPSS 1.2%CVE-2023-24189CRITICALAn XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /uEPSS 1.2%CVE-2024-40896CRITICALIn libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if cEPSS 1.2%CVE-2023-34411HIGHThe xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nestingEPSS 1.2%CVE-2023-42035MEDIUMVisualware MyConnection Server doIForward XML External Entity Processing Information Disclosure VulnerabilityEPSS 1.2%CVE-2024-50848MEDIUMAn XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to acceEPSS 1.2%CVE-2025-2905CRITICALAn XML External Entity (XXE) vulnerability in Multiple WSO2 ProductsEPSS 1.1%CVE-2022-45326MEDIUMAn XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated usersEPSS 1.1%CVE-2021-1530MEDIUMCisco BroadWorks Messaging Server XML External Entity Injection VulnerabilityEPSS 1.1%CVE-2023-51591MEDIUMVoltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure VulnerabilityEPSS 1.1%CVE-2021-21266MEDIUMXXE vulnerability in OpenHABEPSS 1.1%