CWE-611 vulnerabilities
571 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2024-34102 | CRITICAL | XXE can expose crypt key and other secrets granting full admin access | 100.0% | KEV |
| CVE-2019-9670 | CRITICAL | mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as | 100.0% | KEV |
| CVE-2024-22024 | HIGH | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and | 94.7% | |
| CVE-2024-38653 | HIGH | XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | 92.0% | |
| CVE-2021-29447 | HIGH | WordPress Authenticated XXE attack when installation is running PHP 8 | 85.7% | |
| CVE-2025-54254 | HIGH | Adobe Experience Manager \| Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) | 85.5% | |
| CVE-2022-2414 | — | Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to | 85.3% | |
| CVE-2023-44412 | HIGH | D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability | 83.7% | |
| CVE-2025-66516 | HIGH | Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected | 79.8% | |
| CVE-2025-2777 | CRITICAL | SysAid On-Prem <= 23.3.40 lshw Processing XML External Entity Injection | 79.1% | |
| CVE-2020-17408 | HIGH | This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentica | 74.0% | |
| CVE-2020-27858 | HIGH | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authenticati | 73.8% | |
| CVE-2025-2776 | CRITICAL | SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection | 73.0% | KEV |
| CVE-2025-58360 | HIGH | GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature | 66.8% | KEV |
| CVE-2020-15419 | HIGH | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Aut | 63.8% | |
| CVE-2024-37397 | HIGH | An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allow | 59.3% | |
| CVE-2025-2775 | CRITICAL | SysAid On-Prem <= 23.3.40 Checkin Processing XML External Entity Injection | 55.2% | KEV |
| CVE-2024-30043 | MEDIUM | Microsoft SharePoint Server Information Disclosure Vulnerability | 54.7% | |
| CVE-2022-38419 | HIGH | Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read | 53.0% | |
| CVE-2012-3363 | CRITICAL | Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows re | 50.2% | |