Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,209 vulnerabilities with CWE-611

CVE-2026-1567 HIGH

IBM InfoSphere Information Server 11.7.0.0-11.7.1.6 - Info Disclosure

CVE-2026-3404 MEDIUM

thinkgem JeeSite <=5.15.1 - XXE

CVE-2026-2252 HIGH

Xerox FreeFlow Core <=8.0.7 - XXE/SSRF

CVE-2025-36247 HIGH

IBM Db2 11.5.0-11.5.9/12.1.0-12.1.3 - XXE

CVE-2026-2536 MEDIUM

opencc JFlow <20260129 - XXE

CVE-2020-37192 MEDIUM

MSN Password Recovery 1.30 - Info Disclosure

EBO - Info Disclosure

CVE-2026-2074 MEDIUM

O2OA <9.0.0 - SSRF

CVE-2026-23739 LOW

Asterisk <20.7-cert9, 20.18.2, 21.12.1, 22.8.2, 23.2.2 - Info Discl...

CVE-2026-23795 MEDIUM

Apache Syncope <3.0.15/<4.0.3 - XML External Entity Reference

CVE-2026-21569 HIGH

Atlassian Crowd < 7.1.3 - XXE

CVE-2026-24400 CRITICAL

AssertJ <3.27.7 - XSS

CVE-2025-65482 CRITICAL

Opensagres Xdocreport < 2.0.3 - XXE

CVE-2026-1218 MEDIUM

Bjskzy Zhiyou ERP <11.0 - XML External Entity Reference

CVE-2025-14478 HIGH

Demo Importer Plus <2.0.9 - Authenticated RCE

CVE-2022-50899 MEDIUM

Geonetwork 3.10-4.2.0 - SSRF

CVE-2025-68493 HIGH

Apache Struts <6.1.0 - XML Validation

CVE-2026-22186 HIGH

OME Pom-bio-formats - XXE

CVE-2026-20029 MEDIUM

Cisco ISE - Info Disclosure

CVE-2025-36589 HIGH

Dell Unisphere For Powermax < 9.2.4.19 - XXE

CVE-2025-68280 MEDIUM

Apache Spatial Information System < 1.5 - XXE

CVE-2025-15251 MEDIUM

beecue FastBee <2.1 - XML External Entity Reference

CVE-2019-25253 HIGH

KYOCERA Net Admin 3.4.0906 - XXE Injection

CVE-2018-25142 CRITICAL

NovaRad NovaPACS Diagnostics Viewer <8.5.19.75 - XXE Injection

CVE-2024-58335 MEDIUM

OpenXRechnungToolbox <6c50e89 - XML External Entity

Page 1 of 49 Next

Details

Vulnerabilities 1,209

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy