Fedora 44 : perl-XML-Parser (2026-dcb80f8e23)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dcb80f8e23 advisory. 2.51 bump - Fix CVE-2006-10002, CVE-2006-10003 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

CVE-2021-27492

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of...

CLSA-2026-1774611572 expat: Fix of CVE-2026-32778

CVE-2026-32778: fix NULL pointer dereference in setContext on retry after earlier out-of-memory...

Mageia: Security Advisory (MGASA-2026-0063)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-33349

A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing specially crafted XML input to an application using the affected library. The DocTypeReader component incorrectly processes configuration limits for entity counts and sizes when these limits are...

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

DEBIAN-CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

UBUNTU-CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVE-2026-33349 fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVE-2026-33349

CVE-2026-33349 affects the fast-xml-parser library. The issue lives in the DocTypeReader for versions 4.0.0-beta.3 through before 5.5.7, where JavaScript truthy checks on maxEntityCount and maxEntitySize cause guard conditions to short‑circuit when 0 is explicitly set, bypassing limits. An attack...

CVE-2026-33349 fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVE-2026-33349 fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

MGASA-2026-0063 Updated perl-XML-Parser packages fix security vulnerabilities

XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size causing a heap corruption double free or corruption and crashes. CVE-2006-10002 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. CVE-2006-10003...

fast-xml-parser 安全漏洞

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser from 4.0.0-beta.3 to 5.5.7 contained security vulnerabilities. The...

Fedora 45 : perl-XML-Parser (2026-7d5754535f)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7d5754535f advisory. Automatic update for perl-XML-Parser-2.51-1.fc45. Changelog Mon Mar 23 2026 Jitka Plesnikova - 2.51-1 - 2.51 bump rhbz2448965 - Fix CVE-2006-10002...

Linux Distros Unpatched Vulnerability : CVE-2026-33036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass...

EUVD-2026-13782

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...