Search Results (3178 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1383 1 Ibm 2 Infosphere Information Server, Softlayer 2025-04-20 N/A
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.
CVE-2014-3630 2 Lightbend, Playframework 2 Play Framework, Play Framework 2025-04-20 N/A
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
CVE-2017-11683 3 Canonical, Debian, Exiv2 3 Ubuntu Linux, Debian Linux, Exiv2 2025-04-20 6.5 Medium
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
CVE-2017-1000136 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
CVE-2022-20550 1 Google 1 Android 2025-04-18 7.8 High
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514
CVE-2022-20515 1 Google 1 Android 2025-04-18 5.5 Medium
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496
CVE-2022-25628 1 Broadcom 1 Symantec Identity Governance And Administration 2025-04-18 8.8 High
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4
CVE-2022-47516 1 Drachtio 1 Drachtio-server 2025-04-17 7.5 High
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion.
CVE-2020-14478 1 Rockwellautomation 1 Factorytalk Services Platform 2025-04-17 7.1 High
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
CVE-2024-0349 1 Engineers Online Portal Project 1 Engineers Online Portal 2025-04-17 3.7 Low
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.
CVE-2021-42537 1 Visam 1 Vbase Web-remote 2025-04-17 5.9 Medium
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2022-47514 1 Xml-rpc.net Project 1 Xml-rpc.net 2025-04-17 8.8 High
An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.
CVE-2021-27406 1 Perfact 1 Openvpn-client 2025-04-16 8.8 High
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.
CVE-2021-44477 1 Ge 1 Toolboxst 2025-04-16 7.5 High
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file.
CVE-2022-1018 1 Rockwellautomation 3 Connected Components Workbench, Isagraf, Safety Instrumented Systems Workstation 2025-04-16 5.5 Medium
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.
CVE-2021-43990 1 Fanuc 1 Roboguide 2025-04-16 6.1 Medium
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call.
CVE-2022-1331 1 Deltaww 1 Dmars 2025-04-16 5.5 Medium
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.
CVE-2021-27498 1 Opener Project 1 Opener 2025-04-16 7.5 High
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
CVE-2021-27500 1 Opener Project 1 Opener 2025-04-16 7.5 High
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
CVE-2022-1704 1 Inductiveautomation 1 Ignition 2025-04-16 7.6 High
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.