CVE List by Type: XXE (Filtered by Published Year)

Explore CVEs related to XXE vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing XXE CVEs published in 2009. View full CVE list

Showing 12 of 2 results
«« First « Prev Page 1 / 1 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2009-1699 The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." 7.5 29.10% 2009-06-10 2026-06-16
CVE-2009-1955 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. 7.5 52.99% 2009-06-07 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence