CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4253 matches found

Vulnrichment•added 2026/05/07 3:36 a.m.•5 views

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

8.7CVSS5.8AI score0.0034EPSS

Exploits0References6

Cvelist•added 2026/05/07 3:36 a.m.•74 views

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization

8.7CVSS0.0034EPSS

Exploits0References6

CVE•added 2026/05/07 3:36 a.m.•78 views

CVE-2026-41672

CVE-2026-41672 affects xmldom/xmldom: attacker-controlled comment content can be serialized into XML, enabling injection of arbitrary nodes by breaking out of XML comments. The vulnerability exists in versions prior to 0.9.10 and 0.8.13 (and 0.6.0 and earlier) and is mitigated in 0.9.10 and 0.8.1...

8.7CVSS5.8AI score0.0034EPSS

Exploits0References6

SUSE CVE•added 2026/05/07 2:16 a.m.•6 views

SUSE CVE-2026-43255

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usbtxblock The function usbtxblock submits cardp-txurb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active e.g. during...

4.7CVSS5.8AI score0.00128EPSS

Exploits0References4

CNNVD•added 2026/05/07 12:0 a.m.•7 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of escaping or validation when serializing DocumentType node...

8.7CVSS5.9AI score0.00392EPSS

Exploits0References1

CNNVD•added 2026/05/07 12:0 a.m.•9 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation or neutralization when serializing comment...

8.7CVSS5.9AI score0.0034EPSS

Exploits0References1

CNNVD•added 2026/05/07 12:0 a.m.•7 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper validation or neutralization of the PI end sequence when...

8.7CVSS5.9AI score0.00414EPSS

Exploits0References1

OSV•added 2026/05/06 2:44 p.m.•3 views

BIT-JAVA-MIN-2024-21217

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

3.7CVSS6.8AI score0.01157EPSS

Exploits0References5

OSV•added 2026/05/06 2:44 p.m.•4 views

BIT-JAVA-2024-21217

3.7CVSS6.8AI score0.01157EPSS

Exploits0References5

OSV•added 2026/05/06 2:43 p.m.•2 views

BIT-JAVA-MIN-2022-21341

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS6.5AI score0.03765EPSS

Exploits0References7

OSV•added 2026/05/06 2:43 p.m.•6 views

BIT-JAVA-2022-21341

5.3CVSS6.5AI score0.03765EPSS

Exploits0References7

OSV•added 2026/05/06 2:42 p.m.•5 views

BIT-JAVA-MIN-2022-21248

4.3CVSS6.5AI score0.03763EPSS

Exploits0References10

OSV•added 2026/05/06 2:42 p.m.•4 views

BIT-JAVA-2022-21248

4.3CVSS6.5AI score0.03763EPSS

Exploits0References10

OSV•added 2026/05/06 2:42 p.m.•7 views

BIT-JAVA-MIN-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS6.7AI score0.04211EPSS

Exploits0References16

OSV•added 2026/05/06 2:42 p.m.•4 views

BIT-JAVA-2020-2757

4.3CVSS6.7AI score0.04211EPSS

Exploits0References16

OSV•added 2026/05/06 2:42 p.m.•2 views

BIT-JAVA-2020-2756

4.3CVSS6.7AI score0.04211EPSS

Exploits0References16

OSV•added 2026/05/06 2:42 p.m.•5 views

BIT-JAVA-MIN-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.1CVSS7.3AI score0.04903EPSS

Exploits0References25

OSV•added 2026/05/06 2:41 p.m.•3 views

BIT-JAVA-MIN-2020-2583

4.3CVSS6.8AI score0.0404EPSS

Exploits0References27

OSV•added 2026/05/06 2:41 p.m.•3 views

BIT-JAVA-2020-2583

4.3CVSS6.8AI score0.0404EPSS

Exploits0References27

OSV•added 2026/05/06 2:41 p.m.•4 views

BIT-JAVA-MIN-2020-14779

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS6.7AI score0.03713EPSS

Exploits0References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by