CWE-611 flaws
576 results

CVE-2024-5919 | MEDIUM | PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability | EPSS 0.3%
CVE-2025-44044 | HIGH | Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into pa | EPSS 0.3%
CVE-2023-27527 | LOW | Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file | EPSS 0.3%
CVE-2025-31487 | HIGH | The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server | EPSS 0.3%
CVE-2025-31497 | HIGH | TEIGarage XML External Entity (XXE) Injection in Document Conversion Service | EPSS 0.3%
CVE-2026-29924 | HIGH | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File | EPSS 0.3%
CVE-2025-2365 | MEDIUM | crmeb_java WeChatMessageController.java webHook xml external entity reference | EPSS 0.3%
CVE-2026-44618 | MEDIUM | Apache CXF: XXE vulnerability in WS-Transfer functionality | EPSS 0.3%
CVE-2025-63917 | HIGH | PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The applic | EPSS 0.3%
CVE-2025-24910 | MEDIUM | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference | EPSS 0.3%
CVE-2026-36765 | HIGH | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to exec | EPSS 0.3%
CVE-2020-14478 | HIGH | IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 | EPSS 0.3%
CVE-2025-64518 | HIGH | CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection | EPSS 0.3%
CVE-2026-41066 | HIGH | lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files | EPSS 0.3%
CVE-2025-52888 | HIGH | Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction | EPSS 0.3%
CVE-2026-3511 | HIGH | Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthentic | EPSS 0.3%
CVE-2025-27523 | HIGH | XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager | EPSS 0.3%
CVE-2025-64134 | HIGH | Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prev | EPSS 0.3%
CVE-2023-41365 | MEDIUM | Information Disclosure vulnerability in SAP Business One (B1i) | EPSS 0.3%
CVE-2026-42212 | HIGH | SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser | EPSS 0.3%