7 matches found

OSV
added 5 days ago, 6 views

ROOT-APP-NPM-CVE-2026-33349 CVE-2026-33349 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-33349 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

CVSS 5.9, AI score 5.8, EPSS 0.00449
Exploits: 1

IBM Security Bulletins
added 2026/04/30 11:40 a.m., 8 views

Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645.

Summary IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-25645...

CVSS 5.9, AI score 4.7, EPSS 0.00449
Exploits: 1, Affected Software: 1

RedhatCVE
added 2026/03/24 8:51 p.m., 3 views

CVE-2026-33349

A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing specially crafted XML input to an application using the affected library. The DocTypeReader component incorrectly processes configuration limits for entity counts and sizes when these limits are...

CVSS 5.9, AI score 5.7, EPSS 0.00449
Exploits: 1, References: 5

NVD
added 2026/03/24 8:16 p.m., 4 views

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9, EPSS 0.00449
Exploits: 1, References: 2

OSV
added 2026/03/24 8:16 p.m., 5 views

UBUNTU-CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9, AI score 5.4, EPSS 0.00449
Exploits: 1, References: 4

ATTACKERKB
added 2026/03/24 7:35 p.m., 12 views

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9, AI score 5.7, EPSS 0.00449
Exploits: 1, References: 3, Affected Software: 1

vulnersOsv
added 2026/03/19 7:13 p.m., 7 views

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.9), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1174 more potentially affected by CVE-2026-33349 via fast-xml-parser (>=5.0.1 <=5.5.6)

fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =0.2.0, =0.5.3, =0.2.1, =0.0.4, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.4.3 and more Source cves: CVE-2026-33349 Source advisory: OSV:GHSA-JP2Q-39XQ-3W4G...

CVSS 5.9, AI score 6.2, EPSS 0.00449
Exploits: 1