Lucene search
K

96 matches found

Vulnrichment
Vulnrichment
added 2026/05/07 1:36 p.m.10 views

CVE-2026-41650 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 1:36 p.m.65 views

CVE-2026-41650

CVE-2026-41650 affects fast-xml-parser XMLBuilder prior to v5.7.0, where unescaped "-->" in comments and "]]>" in CDATA can lead to XML injection when user-controlled data is built into XML from JavaScript objects. This can enable XSS, SOAP injection, or data manipulation as described in th...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/07 4:16 a.m.70 views

CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

8.7CVSS0.00365EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:36 a.m.10 views

CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

8.7CVSS5.8AI score0.00365EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/05/07 3:36 a.m.101 views

CVE-2026-41672

CVE-2026-41672 affects xmldom/xmldom: attacker-controlled comment content can be serialized into XML, enabling injection of arbitrary nodes by breaking out of XML comments. The vulnerability exists in versions prior to 0.9.10 and 0.8.13 (and 0.6.0 and earlier) and is mitigated in 0.9.10 and 0.8.1...

8.7CVSS5.8AI score0.00365EPSS
Exploits0References10
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/07 12:0 a.m.11 views

container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command

The container system dns create --localhost command accepts a domainName argument and passes it unsanitized into the pf anchor file /etc/pf.anchors/com.apple.container as a comment in a rule line. A domain name containing a newline character breaks out of the comment context and injects an...

6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/22 8:16 p.m.11 views

GHSA-J759-J44W-7FR8 xmldom has XML node injection through unvalidated comment serialization

Summary The package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output. --- Details The issue is in t...

8.7CVSS5.8AI score0.00365EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/22 8:16 p.m.17 views

xmldom has XML node injection through unvalidated comment serialization

Summary The package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output. --- Details The issue is in t...

8.7CVSS5.8AI score0.00365EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2026/04/22 8:4 p.m.12 views

GHSA-GH4J-GQV2-49F6 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters

fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters Summary fast-xml-parser XMLBuilder does not escape the -- sequence in comment content or the sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/22 8:4 p.m.36 views

fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters

fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters Summary fast-xml-parser XMLBuilder does not escape the -- sequence in comment content or the sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34614

Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 5.7.0 Description XMLBuilder fails to escape the "--" sequence in comment content and the "" sequence in CDATA sections when generating XML from JavaScript objects. This flaw enables XML injection if...

8.2CVSS5.7AI score0.01855EPSS
Exploits6References85
Snyk
Snyk
added 2026/04/17 9:0 p.m.9 views

XML Injection

Overview org.webjars.npm:xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection due to unvalidated comment serialization. When an application uses the package to create an XML...

8.7CVSS5.4AI score0.00365EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 4:16 a.m.7 views

CVE-2026-6156

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is...

10CVSS0.01823EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/13 3:30 a.m.2 views

CVE-2026-6156

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is...

10CVSS6.9AI score0.01823EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 1:25 p.m.6 views

CVE-2026-33418 @dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection

DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...

7.5CVSS5.8AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 1:25 p.m.5 views

CVE-2026-33418 @dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection

DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...

7.5CVSS5.8AI score0.00376EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/24 1:25 p.m.33 views

CVE-2026-33418 @dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection

DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...

7.5CVSS0.00376EPSS
Exploits0References1
CVE
CVE
added 2026/03/24 1:25 p.m.24 views

CVE-2026-33418

The CVE describes a vulnerability in @dicebear/converter.ensureSize() prior to v9.4.2, where a regex-based rewrite of SVG width/height capped at 2048px could be bypassed by crafting input that matches a non-root before the actual root. When such SVGs are rendered via @resvg/resvg-js on the Node....

7.5CVSS5.8AI score0.00376EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/20 8:35 p.m.1 views

GHSA-7J2X-32W6-P43P SVG Dimension Capping Bypass via XML Comment Injection in @dicebear/converter ensureSize()

Summary The ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafting SVG input that causes the regex to match a non-functional occurrence of s...

7.5CVSS5.8AI score0.00376EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/20 8:35 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview @dicebear/converter is a SVG Converter for DiceBear Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation and application crashes by injecting specially craft...

8.7CVSS5.8AI score0.00376EPSS
Exploits0References3
Rows per page
Query Builder