Weaknesses of type CWE-611

574 results
CVE-2025-12531 [HIGH] IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability (EPSS 0.8%)
CVE-2024-25129 [LOW] Limited data exfiltration in CodeQL CLI (EPSS 0.8%)
CVE-2022-1331 [MEDIUM] Delta Electronics DMARS Improper Restriction of XML External Entity Reference (EPSS 0.8%)
CVE-2023-20918 In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no addition (EPSS 0.8%)
CVE-2023-20173 [MEDIUM] Cisco Identity Services Engine XML External Entity Injection Vulnerabilities (EPSS 0.8%)
CVE-2023-28680 [HIGH] Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (EPSS 0.8%)
CVE-2022-41226 [CRITICAL] Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) atta (EPSS 0.8%)
CVE-2020-36640 [MEDIUM] bonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference (EPSS 0.8%)
CVE-2024-47873 [HIGH] PhpSpreadsheet XmlScanner bypass leads to XXE (EPSS 0.8%)
CVE-2023-38693 [CRITICAL] RCE in Lucee REST endpoint (EPSS 0.8%)
CVE-2024-56324 [LOW] GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins (EPSS 0.8%)
CVE-2019-25253 [HIGH] KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection (EPSS 0.8%)
CVE-2023-48362 [CRITICAL] Apache Drill: XXE Vulnerability in XML Format Reader (EPSS 0.8%)
CVE-2017-20151 [MEDIUM] iText RUPS XfaFile.java xml external entity reference (EPSS 0.8%)
CVE-2023-20030 [MEDIUM] Cisco Identity Services Engine XML External Entity Injection Vulnerability (EPSS 0.8%)
CVE-2023-27480 [HIGH] Data leak through a XAR import XXE attack in xwiki-platform-xar-model (EPSS 0.7%)
CVE-2023-28150 [MEDIUM] An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in (EPSS 0.7%)
CVE-2023-28152 [MEDIUM] An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in (EPSS 0.7%)
CVE-2022-35168 Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rende (EPSS 0.7%)
CVE-2022-0198 [MEDIUM] Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp (EPSS 0.7%)