Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-611

CWE-611

Improper Restriction of XML External Entity Reference

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1,228 vulnerabilities with CWE-611

CVE-2024-3930 MEDIUM

Perforce Akana API < 2024.1.0 - XXE

CVE-2024-40075 MEDIUM

Laravel <11.x - XSS

CVE-2024-6961 MEDIUM

Pypi Guardrails-ai < 0.5.0 - XXE

CVE-2024-5625 MEDIUM

PruvaSoft Informatics Apinizer Mgmt Console <2024.05.1 - SSRF

CVE-2024-38374 HIGH

CycloneDX - XXE Injection

CVE-2024-34102 CRITICAL KEV

CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)

CVE-2024-37388 CRITICAL

Dnkorpushov Ebookmeta < 4.9.1 - XXE

CVE-2024-36827 HIGH

ebookmeta <v1.2.8 - SSRF

CVE-2024-3969 HIGH

OpenText iManager <3.2.6.0200 - SSRF

CVE-2024-4357 MEDIUM

Progress Telerik Reporting < 10.1.24.514 - XXE

CVE-2024-3486 HIGH

Microfocus Imanager < 3.2.6 - XXE

CVE-2024-30043 MEDIUM

Microsoft SharePoint Server - Info Disclosure

CVE-2024-34345 HIGH

CycloneDX <6.7.0 - XML Injection

CVE-2024-29010 HIGH

GMS <9.3.4 - Info Disclosure

CVE-2024-22354 HIGH

IBM WebSphere Application Server <24.0.0.5 - XXE

CVE-2024-21082 CRITICAL

Oracle BI Publisher - XXE

CVE-2024-21048 MEDIUM

Oracle Web Applications Desktop Integrator < 12.2.13 - XXE

CVE-2024-25971 MEDIUM

Dell Powerprotect Data Manager < 19.16 - XXE

CVE-2024-31139 MEDIUM

Jetbrains Teamcity < 2024.03 - XXE

CVE-2024-2826 MEDIUM

Lakernote Easyadmin < 2024-03-15 - XXE

CVE-2024-28039 MEDIUM

FitNesse - Info Disclosure

CVE-2024-27266 HIGH

IBM Maximo Application Suite 7.6.1.3 - XXE

CVE-2024-28198 MEDIUM

Frentix Openolat < 18.1.6 - XXE

CVE-2024-25129 LOW

CodeQL CLI <2.16.3 - SSRF

CVE-2024-25606 HIGH

Liferay Portal <7.4.3.7 & DXP <7.4 - Info Disclosure

Previous Page 9 of 50 Next

Details

Vulnerabilities 1,228

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy