Total
1239 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000497 | 1 Pepperminty-wiki Project | 1 Pepperminty-wiki | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution | |||||
| CVE-2017-1000496 | 1 Commsy | 1 Commsy | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. | |||||
| CVE-2017-1000477 | 1 Xmlbundle Project | 1 Xmlbundle | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. | |||||
| CVE-2017-1000190 | 2 Apache, Simplexml Project | 2 Solr, Simplexml | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. | |||||
| CVE-2017-1000061 | 1 Xmlsec Project | 1 Xmlsec | 2026-06-17 | 5.8 MEDIUM | 7.1 HIGH |
| xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | |||||
| CVE-2017-1000021 | 1 Logicaldoc | 1 Logicaldoc | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | |||||
| CVE-2017-0170 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability". | |||||
| CVE-2016-9924 | 1 Synacor | 1 Zimbra Collaboration Suite | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | |||||
| CVE-2016-9724 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2026-06-17 | 7.5 HIGH | 8.1 HIGH |
| IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537. | |||||
| CVE-2016-9707 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2026-06-17 | 7.5 HIGH | 8.1 HIGH |
| IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. | |||||
| CVE-2016-9706 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2026-06-17 | 8.5 HIGH | 9.1 CRITICAL |
| IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. | |||||
| CVE-2016-9698 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2026-06-17 | 7.5 HIGH | 8.1 HIGH |
| IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. | |||||
| CVE-2016-9691 | 1 Ibm | 1 Websphere Cast Iron Solution | 2026-06-17 | 9.0 HIGH | 8.6 HIGH |
| IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. | |||||
| CVE-2016-9563 | 1 Sap | 1 Netweaver Application Server Java | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. | |||||
| CVE-2016-9487 | 1 W3 | 1 Epubcheck | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities. | |||||
| CVE-2016-9318 | 3 Canonical, Xmlsec Project, Xmlsoft | 3 Ubuntu Linux, Xmlsec, Libxml2 | 2026-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. | |||||
| CVE-2016-9181 | 1 Image-info Project | 1 Image-info For Perl | 2026-06-17 | 5.8 MEDIUM | 7.1 HIGH |
| perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure. | |||||
| CVE-2016-9180 | 1 Xmltwig | 1 Xml-twig For Perl | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. | |||||
| CVE-2016-8980 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2026-06-17 | 7.5 HIGH | 8.1 HIGH |
| IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | |||||
| CVE-2016-8974 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2026-06-17 | 7.5 HIGH | 8.1 HIGH |
| IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. | |||||