Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,250 vulnerabilities with CWE-611

CVE-2025-20369 MEDIUM

Splunk <9.4.4, <9.3.6, <9.2.8 - DoS

CVE-2025-48006 CRITICAL

DataSpider Servista <= 4.4 - XML External Entity Injection

CVE-2025-11140 HIGH

zhiyou_erp < 11.0 - XML External Entity Injection via openForm Function

CVE-2025-11035 MEDIUM

Jinher OA 2.0 - XML External Entity Injection via ManageWord.aspx

CVE-2025-10816 HIGH

Jinher OA 2.0 - XML External Entity Injection in GetWordFileName.aspx

CVE-2025-10183 CRITICAL

TecCom TecConnect 4.1 - Unauthenticated XML External Entity Injection in OpenMessaging Webservice

CVE-2025-10092 HIGH

Jinher OA < 1.2 - XML External Entity Injection via TaskManage AddTask Endpoint

CVE-2025-10091 HIGH

jinher_oa < 1.2 - XML External Entity Injection via ProjectManage XmlHttp Endpoint

CVE-2025-35112 MEDIUM

Agiloft 19-28 - Authenticated XML External Entity Injection via Import/Export Table Template

CVE-2025-57704 MEDIUM

Delta Electronics EIP Builder <1.11 - Info Disclosure

CVE-2025-54988 HIGH

Apache Tika 1.13-3.2.1 - XML External Entity Injection via Crafted XFA in PDF

CVE-2025-4044 HIGH

Lexmark Printer Drivers - Info Disclosure

CVE-2025-26484 MEDIUM

Dell CloudLink 8.0-8.1.1 - Authenticated XML External Entity Injection

CVE-2025-40584 MEDIUM

SIMOTION SCOUT TIA/V - Info Disclosure

CVE-2025-54992 MEDIUM

OpenKilda <1.164.0 - Info Disclosure

CVE-2025-8355 HIGH

Xerox FreeFlow Core 8.0.4 - Server-Side Request Forgery via XML External Entity Injection

CVE-2025-54254 HIGH

Adobe Experience Manager Forms < 6.5.23.0 - XML External Entity Injection

CVE-2025-36608 MEDIUM

Dell SmartFabric OS10 < 10.6.0.5 - XML External Entity Injection

CVE-2025-26400 MEDIUM

SolarWinds Web Help Desk < 12.8.7 - XML External Entity Injection

CVE-2025-54445 HIGH

Samsung MagicINFO 9 Server < 21.1080.0 - Server-Side Request Forgery via XML External Entity Injection

CVE-2025-7766 HIGH

Lantronix Provisioning Manager - RCE

CVE-2025-34142 MEDIUM

ETQ Reliance CG (legacy) < SE.2025.1 and < 2025.1.2 - XML External Entity Injection in SAML SSO Handler

CVE-2025-36603 MEDIUM

Dell AppSync < 4.6.0.4 - XML External Entity Injection

CVE-2025-7824 HIGH

Jinher OA 1.1 - XML External Entity Reference

CVE-2025-7823 HIGH

Jinher OA 1.2 - XML External Entity Reference

Previous Page 4 of 50 Next

Details

Vulnerabilities 1,250

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy