CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

140 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в firefox

An attacker was able to perform out-of-bounds read or write operations on a JavaScript object by exploiting a bug related to range-based bounds checks. This vulnerability affects Firefox versions prior to 124.0.1...

9.8CVSS6.8AI score0.53858EPSS

Exploits2References2

NVD•added 2026/05/07 3:16 p.m.•8 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS0.00012EPSS

Exploits1References2

OSV•added 2026/04/04 4:24 a.m.•0 views

GHSA-W48F-FWG7-WW6P @stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding

Summary @stablelib/cbor decodes CBOR maps into ordinary JavaScript objects and assigns attacker-controlled keys directly onto those objects. A CBOR map key named proto therefore changes the prototype of the decoded object instead of becoming an ordinary data property. Details The decoder builds m...

8.9CVSS5.9AI score

Exploits0References3

EUVD•added 2026/03/24 9:31 p.m.•2 views

EUVD-2026-14950

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.7AI score0.0003EPSS

Exploits0References2

OSV•added 2026/03/24 8:16 p.m.•3 views

UBUNTU-CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

5.9CVSS5.4AI score0.00039EPSS

Exploits1References4

UbuntuCve•added 2026/02/26 2:16 a.m.•1 views

CVE-2026-27942

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...

7.5CVSS5.9AI score0.00018EPSS

Exploits0References4

Debian CVE•added 2026/02/19 7:40 p.m.•6 views

CVE-2026-26278

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...

7.5CVSS7.3AI score0.00032EPSS

Exploits1

Snyk•added 2025/12/12 7:45 p.m.•3 views

Prototype Pollution

Overview org.webjars.npm:vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript...

8.8CVSS6.7AI score0.002EPSS

Exploits0References2

CNNVD•added 2025/11/20 12:0 a.m.•1 views

CouchAuth 安全漏洞

CouchAuth is a Perfood open source authentication API. A security vulnerability exists in CouchAuth version 0.21.2, which stems from session tokens and passwords being stored in JavaScript objects and not explicitly cleared, which could lead to sensitive data disclosure and session hijacking...

6.5CVSS6.4AI score0.0002EPSS

Exploits0References4