CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

CVE•added 2026/05/13 3:27 p.m.•10 views

CVE-2026-44664

The CVE concerns fast-xml-builder, which converts JSON to XML. In version 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitized -- sequences in XML comments via .replace(/--/g, '- -'), allowing an attacker to break out of a comment and inject arbitrary XML/HTML. The issue is addressed in...

6.1CVSS5.9AI score0.0001EPSS

Exploits0References1

UbuntuCve•added 2026/05/07 3:16 p.m.•5 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.8AI score0.00012EPSS

Exploits1References3

EUVD•added 2026/03/10 9:32 p.m.•3 views

EUVD-2025-208518

A Stored Cross-Site Scripting XSS vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

5.4CVSS5.9AI score0.00206EPSS

Exploits2References3

Snyk•added 2026/03/03 9:44 p.m.•3 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the createDOMPurify function, via comments embedded in XML noscript, xmp, noembed, noframes, and iframe attributes containing...

6.1CVSS5.5AI score0.00014EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2011-0015

Malware in sbrugna...

4.3CVSS6AI score0.00608EPSS

Exploits1References19

SUSE CVE•added 2023/02/15 5:53 a.m.•1 views

SUSE CVE-2011-1157

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...

4.3CVSS6.1AI score0.00608EPSS

Exploits1References4

OSV•added 2018/07/23 7:52 p.m.•0 views

GHSA-2P78-8HH6-96XC feedparser Cross-site Scripting vulnerability

6.1CVSS6AI score0.00608EPSS

Exploits1References13

Github Security Blog•added 2018/07/23 7:52 p.m.•19 views

feedparser Cross-site Scripting vulnerability

4.3CVSS5.2AI score0.00608EPSS

Exploits1References12Affected Software1

OSV•added 2018/05/29 1:29 p.m.•1 views

CVE-2018-5241

Symantec Advanced Secure Gateway ASG 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, A...

9.8CVSS5.8AI score0.0408EPSS

Exploits0References3

Tenable Nessus•added 2016/12/13 12:0 a.m.•29 views

openSUSE Security Update : pacemaker (openSUSE-2016-1447)

This update for pacemaker fixes the following issues : - remote: Allow cluster and remote LRM API versions to diverge bsc1009076 - libcrmcommon: fix CVE-2016-7035 improper IPC guarding bsc1007433 - sysconfig: minor tweaks typo, wording - spec: more robust check for systemd being in use - spec:...

8.8CVSS7.6AI score0.02415EPSS

Exploits0References11

Tenable Nessus•added 2011/05/03 12:0 a.m.•32 views

Mandriva Linux Security Advisory : python-feedparser (MDVSA-2011:082)

Multiple vulnerabilities has been found and corrected in python-feedparser : Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested...

5CVSS5.6AI score0.07165EPSS

Exploits3References4

OSV•added 2011/04/11 6:55 p.m.•5 views

CVE-2011-1157

4.3CVSS5.5AI score0.00608EPSS

Exploits1References14