Fallos del tipo CWE-611
576 resultadosCVE-2025-57704MEDIUMEIP Builder XML External Entity Processing Information Disclosure VulnerabilityEPSS 0.2%CVE-2023-2161MEDIUM
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could cause unauthorized read access to the fileEPSS 0.2%CVE-2024-58335MEDIUMOpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualizEPSS 0.2%CVE-2026-57234LOWNokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247EPSS 0.2%CVE-2025-40584MEDIUMA vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5EPSS 0.2%CVE-2024-54005MEDIUMA vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions),EPSS 0.2%CVE-2026-22186MEDIUMBio-Formats <= 8.3.0 XXE in Leica XLEF Metadata ParserEPSS 0.1%CVE-2025-4044HIGHXML External Entity Injection vulnerability in various Lexmark Universal DriversEPSS 0.1%CVE-2024-42185LOWHCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacksEPSS 0.1%CVE-2025-2070MEDIUMAn improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url EPSS 0.1%CVE-2026-48981MEDIUMpam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.cEPSS 0.1%CVE-2026-44018MEDIUMDocling: Unsafe Archive Extraction and XML Parsing in METS-GBS BackendEPSS 0.1%CVE-2026-49383LOWIn JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possibleEPSS 0.1%CVE-2025-66372LOWMustang before 2.16.3 allows exfiltrating files via XXE attacks.EPSS 0.1%CVE-2026-1227HIGHCWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files,EPSS 0.1%CVE-2025-36603MEDIUMDell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attackerEPSS 0.1%