Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,228 vulnerabilities with CWE-611

CVE-2025-27136 MEDIUM

LocalS3 <1.21 - XXE Injection

CVE-2025-0162 HIGH

IBM Aspera Shares <1.10.0 PL7 - XXE

CVE-2025-24521 MEDIUM

XML Entity Injection - Info Disclosure

CVE-2025-1225 MEDIUM

ywoa <2024.07.03 - XML External Entity Reference

CVE-2025-23195 HIGH

Apache Ambari < 2.7.9 - XXE

CVE-2024-13971 HIGH

Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro

CVE-2024-39847 HIGH

Arbitrary File Read and Server Side Request Forgery via XML External Entities in 4D Server SOAP

CVE-2024-8010 LOW

XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files

CVE-2024-2374 HIGH

XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service

CVE-2024-58335 MEDIUM

OpenXRechnungToolbox <6c50e89 - XML External Entity

CVE-2024-34711 CRITICAL

Osgeo Geoserver < 2.25.0 - Information Disclosure

CVE-2024-51445 MEDIUM

Siemens Polarion Alm < 2404.4 - XXE

CVE-2024-49781 HIGH

IBM OpenPages <9.0 - XXE

CVE-2024-25066 MEDIUM

RSA Authentication Manager <8.7 SP2 - XSS

CVE-2024-54171 HIGH

IBM EntireX 11.1 - XXE

CVE-2024-49352 HIGH

IBM Cognos Analytics < 11.2.4 - XXE

CVE-2024-52807 HIGH

Org.hl7.fhir.publisher.cli < 1.7.4 - XXE

CVE-2024-42185 LOW

BigFix Patch Download Plug-ins - Code Injection

CVE-2024-12476 HIGH

Web Designer <unknown - Info Disclosure/Remote Code Execution

CVE-2024-12298 MEDIUM

NB-series NX-Designer - Info Disclosure

CVE-2024-46603 HIGH

Elspec-ltd G5dfr Firmware < 1.2.2.19 - XXE

CVE-2024-46602 HIGH

Elspec-ltd G5dfr Firmware < 1.2.2.19 - XXE

CVE-2024-56324 HIGH

Thoughtworks Gocd < 24.5.0 - XXE

CVE-2024-56322 HIGH

Thoughtworks Gocd < 24.5.0 - XXE

CVE-2024-40896 CRITICAL

libxml2 <2.11.9-2.13.3 - XSS

Previous Page 6 of 50 Next

Details

Vulnerabilities 1,228

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy