mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML Exte…

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x…

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE at…

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Impr…

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploit…

Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can e…

Access to external entities when parsing XML documents can lead to XML external entity (XXE) at…

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injecti…

GeoServer is an open source server that allows users to share and edit geospatial data. From ve…

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8…

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XX…

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XX…

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE…

Microsoft SharePoint Server Information Disclosure Vulnerability

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML Ex…

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vu…

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Updat…

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly han…

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser …

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not config…

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products …

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS)…

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS)…

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS)…

In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulner…

An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when …

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.

Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windo…

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read file…

RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External E…

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote un…

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnera…

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote …

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by…

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External…

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to r…

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data so…

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 1…

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and ea…