CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Amazon•added 2026/06/08 12:0 a.m.•9 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

7.5CVSS5.5AI score0.00472EPSS

Exploits0

Tenable Nessus•added 2026/06/08 12:0 a.m.•7 views

Amazon Linux 2 : perl-XML-LibXML, --advisory ALAS2-2026-3342 (ALAS-2026-3342)

The version of perl-XML-LibXML installed on the remote host is prior to 2.0018-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3342 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncat...

7.5CVSS5.5AI score0.00472EPSS

RedhatCVE•added 2026/06/05 7:43 p.m.•7 views

CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

7.5CVSS5.5AI score0.00472EPSS

Exploits0References1

OSV•added 2026/06/03 9:6 p.m.•7 views

GHSA-CH57-39Q2-4CRM malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.3CVSS6.1AI score0.00174EPSS

Exploits0References3

Github Security Blog•added 2026/06/03 9:6 p.m.•9 views

malla: Stored XSS via Meshtastic node names in multiple frontend pages

6.1AI score0.00174EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/06/03 12:0 a.m.•8 views

PT-2026-46117

Node names long name, short name received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...

6.3CVSS6.1AI score0.00174EPSS

Positive Technologies•added 2026/06/03 12:0 a.m.•7 views

PT-2026-46092

Node names long name, short name received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...

6.3CVSS6.1AI score

RedhatCVE•added 2026/05/29 8:13 p.m.•11 views

CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

NVD•added 2026/05/28 6:16 p.m.•11 views

CVE-2026-45323

9.6CVSS0.00265EPSS

CVE•added 2026/05/28 4:54 p.m.•103 views

CVE-2026-45323

Summary: CVE-2026-45323 affects MeshCore Card for Home Assistant. Before version 0.3.3, node names in the meshcore-card were rendered without HTML escaping, enabling an attacker within direct or indirect (repeated) radio range to inject arbitrary JavaScript in the Home Assistant frontend of any v...

Exploits1References1Affected Software1

Cvelist•added 2026/05/28 4:54 p.m.•29 views

CVE-2026-45323 MeshCore Card: XSS vulnerability through meshcore node name

9.6CVSS0.00265EPSS

Vulnrichment•added 2026/05/28 4:54 p.m.•8 views

CVE-2026-45323 MeshCore Card: XSS vulnerability through meshcore node name

ATTACKERKB•added 2026/05/28 4:54 p.m.•10 views

CVE-2026-45323