Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2025-68493 HIGH

Apache Struts <6.1.0 - XML Validation

CVE-2025-36589 HIGH

Dell Unisphere for PowerMax 9.2.4.x - XML External Entity Injection

CVE-2025-68280 MEDIUM

Apache SIS 0.4-1.5 - XML External Entity Injection in GeoTIFF, ISO 19115, GML, and GPX Parsers

CVE-2025-15251 MEDIUM

beecue FastBee <2.1 - XML External Entity Reference

CVE-2025-68463 MEDIUM

Biopython < 1.86 - XML External Entity Injection in Bio.Entrez

CVE-2025-61823 MEDIUM

ColdFusion <= 2025.4, 2023.16, 2021.22 - Authenticated XML External Entity Injection

CVE-2025-61821 MEDIUM

Adobe ColdFusion <= 2025.4, <= 2023.16, <= 2021.22 - XML External Entity Injection

CVE-2025-61813 HIGH

ColdFusion <= 2025.4, <= 2023.16, <= 2021.22 - XML External Entity Injection

CVE-2025-66516 HIGH

Apache Tika 1.13-3.2.1 and tika-parsers 1.13-1.28.5 - XML External Entity Injection via Crafted XFA in PDF

CVE-2025-65868 HIGH

eyoucms 1.7.1 - XML External Entity Injection

CVE-2025-66372 LOW

Mustang <2.16.3 - Info Disclosure

CVE-2025-66371 MEDIUM

Peppol-py < 1.1.1 - XML External Entity Injection via Saxon Configuration

CVE-2025-66370 MEDIUM

kivitendo < 3.9.2 - XML External Entity Injection via ZUGFeRD Invoice Upload

CVE-2025-58360 HIGH KEV

GeoServer WMS GetMap XXE Arbitrary File Read

CVE-2025-63917 HIGH

PDFPatcher < 1.1.3.4663 - XML External Entity Injection via Bookmark Import

CVE-2025-13209 MEDIUM

bestfeng oa_git_free <9.5 - XML External Entity Reference

CVE-2025-11700 HIGH

N-able N-Central Authentication Bypass and XXE Scanner

CVE-2025-64518 HIGH

cyclonedx-core-java 2.1.0-11.0.0 - XML External Entity Injection in Validator

CVE-2025-63551 HIGH

MetInfo < 8.1 - Server-Side Request Forgery via XML External Entity Injection

CVE-2025-10713 MEDIUM

WSO2 API Manager - XML External Entity Injection via Improper XML Parser Configuration

CVE-2025-12531 HIGH

IBM InfoSphere Information Server <11.7.1.6 - XXE

CVE-2025-64134 HIGH

Jenkins JDepend Plugin < 1.3.1 - XML External Entity Injection

CVE-2025-46425 MEDIUM

Dell Storage Center - Dell Storage Manager <20.1.20 - XML External ...

CVE-2025-6985 HIGH

langchain-text-splitters < 0.3.9 - XML External Entity Injection via HTMLSectionSplitter XSLT Parsing

CVE-2025-11341 HIGH

Jinher OA < 2.0 - XML External Entity Injection via WebDesign.aspx

Previous Page 3 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy