Weaknesses of type CWE-91
72 resultsCVE-2020-0646CRITICALA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote EPSS 99.2%KEVCVE-2023-46214HIGHRemote code execution (RCE) in Splunk Enterprise through Insecure XML ParsingEPSS 89.1%CVE-2024-53675HIGHAn XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certainEPSS 83.9%CVE-2024-53674HIGHAn XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certainEPSS 47.4%CVE-2019-17626CRITICALReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document EPSS 10.2%CVE-2022-25356MEDIUMAlt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.EPSS 5.9%CVE-2022-34253CRITICALAdobe Commerce XML Injection Arbitrary code executionEPSS 4.2%CVE-2019-25137HIGHUmbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSeleEPSS 4.1%CVE-2021-21019CRITICALMagento Commerce XML Injection Could Lead To Remote Code ExecutionEPSS 3.6%CVE-2021-21025CRITICALMagento Commerce XML Injection Could Lead To Arbitrary Code ExecutionEPSS 3.3%CVE-2021-36033CRITICALMagento Commerce Widgets Module XML Injection Vulnerability Could Lead To Remote Code ExecutionEPSS 3.0%CVE-2021-36028CRITICALMagento Commerce XML Injection Vulnerability Could Lead To Remote Code ExecutionEPSS 2.8%CVE-2021-36020HIGHMagento Commerce XML Injection Vulnerability In The 'City' Field Could Lead To Remote Code ExecutionEPSS 2.6%CVE-2020-8479CRITICALABB Central Licensing System - XML External Entity InjectionEPSS 2.2%CVE-2025-49538HIGHColdFusion | XML Injection (aka Blind XPath Injection) (CWE-91)EPSS 2.0%CVE-2021-32758HIGHLayout XML Arbitrary Code FixEPSS 2.0%CVE-2021-39181HIGHUnsafe Deserialization of User Data Using XStreamEPSS 1.8%CVE-2022-46751HIGHApache Ivy: XML External Entity vulnerability in Apache IvyEPSS 1.8%CVE-2025-54251MEDIUMAdobe Experience Manager | XML Injection (aka Blind XPath Injection) (CWE-91)EPSS 1.6%CVE-2019-17323—ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer withEPSS 1.6%