53500 matches found
CVE-2026-14000
CVE-2026-14000 affects Google Chrome versions prior to 150.0.7871.47 due to an inappropriate XML implementation. The flaw enables a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page, as documented in the NVD/CVELIST entries. Affected software is Google Chrome (Chr...
CVE-2026-13954
The CVE affects Google Chrome on Android, where insufficient policy enforcement in XML allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Affected versions are prior to 150.0.7871.47; remediation is to update to 150.0.7871.47 or late...
CVE-2026-13954
Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13835
The CVE affects Google Chrome prior to version 150.0.7871.47, due to an inappropriate implementation in XML handling that could enable a remote attacker to trigger heap corruption with a crafted HTML page. This is a high-severity vulnerability affecting the Chromium-based browser. Affected compon...
CVE-2026-56364
ImageMagick before 7.1.2-13 contains a memory leak in LoadOpenCLDeviceBenchmark() when parsing malformed OpenCL device profile XML files with unclosed device elements. With write access to the OpenCL cache directory, an attacker can place crafted XML files to exhaust memory, causing denial of ser...
EUVD-2026-40389
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2026-58016
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
CVE-2026-58016
GLib vulnerability CVE-2026-58016 affects gio/gdbusintrospection.c: in g_dbus_node_info_new_for_xml() when parsing malformed D-Bus introspection XML, a element nested inside elements such as , , , or triggers an unsigned integer overflow and an out-of-bounds read, resulting in denial of service.
CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
EUVD-2026-40319
A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
ROOT-APP-NPM-CVE-2026-26278 CVE-2026-26278 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-26278 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41650 CVE-2026-41650 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-41650 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33349 CVE-2026-33349 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-33349 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-27942 CVE-2026-27942 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-27942 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33036 CVE-2026-33036 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-33036 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
Microweber <1.2.12 - Stored Cross-Site Scripting
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...
Citrix StoreFront - Cross-Site Scripting
Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow. id: CVE-2023-5914 info: name: Citrix StoreFront - Cross-Site Scripting author: DhiyaneshDK...
Oracle Business Intelligence Publisher - XML External Entity Injection
Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...