Resources

Vulnerability & Exploit Database

This is the list of vulnerabilities you can detect with Pentest-Tools.com and the exploits currently available in the platform.

We detect more than 16.073 vulnerabilities with multiple tools (Network Scanner, Website Scanner, Wordpress Scanner, and more) and we also have 177 exploit modules in Sniper to validate the risk level of critical CVEs.

Display

Search results for: XML External Entity

Displaying 1 - 25 results out of 63

Pentest-Tools.com Vulnerabilities
Name	Detectable with	Detection added	Severity	Exploitable with Sniper
GeoServer - XML External Entity Injection CVE-2025-58360	Network Scanner	Nov 27, 2025	High(8.2)	No
Guralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE) CVE-2022-38840	Network Scanner	Oct 10, 2025	High(7.5)	No
Apache Tika 1.13 - 3.2.1 XXE Vulnerability CVE-2025-54988	Network Scanner	Aug 25, 2025	Critical(9.8)	No
Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE) CVE-2025-49493	Network Scanner	Jul 13, 2025	Critical(9.1)	No
GeoServer WFS - XXE Processing Vulnerability CVE-2025-30220	Network Scanner	Jun 18, 2025	Critical(9.9)	No
LabKey Server 19.1.0 - XML External Entity (XXE) CVE-2019-9757	Network Scanner	Jun 12, 2025	High(7.5)	No
SysAid On-Prem <= 23.3.40 - XML External Entity CVE-2025-2775	Network Scanner	May 11, 2025	Critical(9.3)	No
SysAid On-Prem <= 23.3.40 - XML External Entity CVE-2025-2777	Network Scanner	May 11, 2025	Critical(9.3)	No
SysAid On-Prem <= 23.3.40 - XML External Entity CVE-2025-2776	Network Scanner	May 11, 2025	Critical(9.3)	No
74CMS weixin.php - SQL Injection	Network Scanner	Dec 2, 2024	High	No
Wanhu OA TeleConferenceService Interface - XML External Entity Injection	Network Scanner	Dec 2, 2024	High	No
Generic XML External Entity - (XXE)	Network Scanner	Dec 2, 2024	Medium	No
EcologyOA deleteUserRequestInfoByXml - XML External Entity Injection	Network Scanner	Dec 2, 2024	High	No
Ivanti Avalanche SmartDeviceServer - XML External Entity CVE-2024-38653	Network Scanner	Nov 20, 2024	High(7.5)	No
Magento - XML External Entity Injection CVE-2024-34102	Network Scanner	Jul 16, 2024	Critical(9.8)	Yes
Adobe Commerce & Magento - CosmicSting CVE-2024-34102	Network Scanner	Jun 26, 2024	Critical(9.8)	No
OpenCMS - XML external entity (XXE) CVE-2023-42344	Network Scanner	Feb 22, 2024	High(9.8)	No
Ivanti Connect Secure - XXE CVE-2024-22024	Network Scanner	Feb 10, 2024	High(8.3)	No
FreeIPA - XML Entity Injection CVE-2022-2414	Network Scanner	Aug 8, 2023	High(7.5)	No
Oracle Business Intelligence/XML Publisher - XML External Entity Injection CVE-2019-2616	Network Scanner	Jul 4, 2023	High(7.2)	No
Oracle Business Intelligence Publisher - XML External Entity Injection CVE-2019-2767	Network Scanner	Jul 4, 2023	High(7.2)	No
SAP Internet Graphics Server (IGS) - XML External Entity Injection CVE-2018-2392	Network Scanner	Jul 4, 2023	High(7.5)	No
Adobe Experience Manager - XML External Entity Injection CVE-2019-8086	Network Scanner	Jul 4, 2023	High(7.5)	No
Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution CVE-2022-28219	Network Scanner	Jul 4, 2023	Critical(9.8)	No
LumisXP <10.0.0 - Blind XML External Entity Attack CVE-2021-27931	Network Scanner	Jul 4, 2023	Critical(9.1)	No