Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the...

5.9CVSS6.1AI score0.00449EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/24 8:51 p.m.5 views

CVE-2026-33349

A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing specially crafted XML input to an application using the affected library. The DocTypeReader component incorrectly processes configuration limits for entity counts and sizes when these limits are...

5.9CVSS5.7AI score0.00449EPSS
Exploits1References5
NVD
NVD
added 2026/03/24 8:16 p.m.5 views

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

5.9CVSS0.00449EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/24 8:16 p.m.6 views

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

5.9CVSS5.7AI score0.00449EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:35 p.m.13 views

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

5.9CVSS5.7AI score0.00449EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/19 7:40 p.m.42 views

CVE-2026-26278

CVE-2026-26278 affects the fast-xml-parser library. In versions 4.1.3 through 5.3.5, the XML parser could be forced into unbounded entity expansion, causing a single small XML input to consume seconds/minutes of CPU time and freeze the app. The issue is resolved in version 5.3.6. A workaround is ...

7.5CVSS5.5AI score0.00811EPSS
Exploits1References10Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/19 7:40 p.m.24 views

CVE-2026-26278

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...

7.5CVSS5.9AI score0.00811EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder