Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,228 vulnerabilities with CWE-611

CVE-2026-22186 HIGH

OME Pom-bio-formats - XXE

CVE-2026-20029 MEDIUM

Cisco ISE - Info Disclosure

CVE-2025-14543 HIGH

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.

CVE-2025-36247 HIGH

IBM Db2 11.5.0-11.5.9/12.1.0-12.1.3 - XXE

CVE-2025-65482 CRITICAL

Opensagres Xdocreport < 2.0.3 - XXE

CVE-2025-14478 HIGH

Demo Importer Plus <2.0.9 - Authenticated RCE

CVE-2025-68493 HIGH

Apache Struts <6.1.0 - XML Validation

CVE-2025-36589 HIGH

Dell Unisphere For Powermax < 9.2.4.19 - XXE

CVE-2025-68280 MEDIUM

Apache Spatial Information System < 1.5 - XXE

CVE-2025-15251 MEDIUM

beecue FastBee <2.1 - XML External Entity Reference

CVE-2025-68463 MEDIUM

Pypi Biopython - XXE

CVE-2025-61823 MEDIUM

Adobe Coldfusion - XXE

CVE-2025-61821 MEDIUM

Adobe Coldfusion - XXE

CVE-2025-61813 HIGH

Adobe Coldfusion - XXE

CVE-2025-66516 HIGH

Apache Tika <3.2.1 - XXE

CVE-2025-65868 HIGH

eyoucms <1.7.1 - DoS

CVE-2025-66372 LOW

Mustang <2.16.3 - Info Disclosure

CVE-2025-66371 MEDIUM

Peppol-py <1.1.1 - XSS

CVE-2025-66370 MEDIUM

Kivitendo <3.9.2 - Info Disclosure

CVE-2025-58360 HIGH KEV

GeoServer WMS GetMap XXE Arbitrary File Read

CVE-2025-63917 HIGH

PDFPatcher <1.1.3.4663 - XXE

CVE-2025-13209 MEDIUM

bestfeng oa_git_free <9.5 - XML External Entity Reference

CVE-2025-11700 HIGH

N-able N-Central Authentication Bypass and XXE Scanner

CVE-2025-64518 HIGH

Org.cyclonedx Cyclonedx-core-java < 11.0.1 - XXE

CVE-2025-63551 HIGH

MetInfo CMS <8.1 - SSRF

Previous Page 2 of 50 Next

Details

Vulnerabilities 1,228

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy