53500 matches found

CVE
added yesterday, 4 views

CVE-2026-14000

CVE-2026-14000 affects Google Chrome versions prior to 150.0.7871.47 due to an inappropriate XML implementation. The flaw enables a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page, as documented in the NVD/CVELIST entries. Affected software is Google Chrome (Chr...

AI score: 6
Exploits: 0, References: 2

CVE
added yesterday, 2 views

CVE-2026-13954

The CVE affects Google Chrome on Android, where insufficient policy enforcement in XML allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Affected versions are prior to 150.0.7871.47; remediation is to update to 150.0.7871.47 or late...

AI score: 5.8
Exploits: 0, References: 2

Cvelist
added yesterday, 2 views

CVE-2026-13954

Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

Exploits: 0, References: 2

CVE
added yesterday, 2 views

CVE-2026-13835

The CVE affects Google Chrome prior to version 150.0.7871.47, due to an inappropriate implementation in XML handling that could enable a remote attacker to trigger heap corruption with a crafted HTML page. This is a high-severity vulnerability affecting the Chromium-based browser. Affected compon...

AI score: 5.8
Exploits: 0, References: 2

CVE
added yesterday, 6 views

CVE-2026-56364

ImageMagick before 7.1.2-13 contains a memory leak in LoadOpenCLDeviceBenchmark() when parsing malformed OpenCL device profile XML files with unclosed device elements. With write access to the OpenCL cache directory, an attacker can place crafted XML files to exhaust memory, causing denial of ser...

CVSS: 1.9, AI score: 5.8
Exploits: 0, References: 3

EUVD
added yesterday, 3 views

EUVD-2026-40389

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS: 7.6, AI score: 5.8
Exploits: 0, References: 1

ATTACKERKB
added yesterday, 2 views

CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

CVSS: 7.5, AI score: 5.8
Exploits: 0, References: 4

Vulnrichment
added yesterday, 5 views

CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

CVSS: 7.5, AI score: 5.8
Exploits: 0, References: 3

CVE
added yesterday, 7 views

CVE-2026-58016

GLib vulnerability CVE-2026-58016 affects gio/gdbusintrospection.c: in g_dbus_node_info_new_for_xml() when parsing malformed D-Bus introspection XML, a element nested inside elements such as , , , or triggers an unsigned integer overflow and an out-of-bounds read, resulting in denial of service.

CVSS: 7.5, AI score: 5.8
Exploits: 0, References: 3

Cvelist
added yesterday, 5 views

CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

CVSS: 7.5
Exploits: 0, References: 3

EUVD
added yesterday, 4 views

EUVD-2026-40319

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

CVSS: 7.5, AI score: 5.8
Exploits: 0, References: 3

OSV
added yesterday, 12 views

ROOT-APP-NPM-CVE-2026-26278 CVE-2026-26278 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-26278 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00811
Exploits: 1

OSV
added yesterday, 8 views

ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

CVSS: 9.3, AI score: 5.3, EPSS: 0.00445
Exploits: 1

OSV
added yesterday, 10 views

ROOT-APP-NPM-CVE-2026-41650 CVE-2026-41650 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-41650 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00238
Exploits: 1

OSV
added yesterday, 6 views

ROOT-APP-NPM-CVE-2026-33349 CVE-2026-33349 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-33349 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00449
Exploits: 1

OSV
added yesterday, 8 views

ROOT-APP-NPM-CVE-2026-27942 CVE-2026-27942 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-27942 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00478
Exploits: 0

OSV
added yesterday, 5 views

ROOT-APP-NPM-CVE-2026-33036 CVE-2026-33036 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-33036 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00576
Exploits: 1

Nuclei
added yesterday, 34 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

CVSS: 5.7, AI score: 6, EPSS: 0.01877
Exploits: 1, References: 5

Nuclei
added yesterday, 92 views

Citrix StoreFront - Cross-Site Scripting

Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow. id: CVE-2023-5914 info: name: Citrix StoreFront - Cross-Site Scripting author: DhiyaneshDK...

CVSS: 7.2, AI score: 6.5, EPSS: 0.73142
Exploits: 0, References: 4

Nuclei
added yesterday, 139 views

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...

CVSS: 7.2, AI score: 7.1, EPSS: 0.05238
Exploits: 0, References: 5