2702 matches found

OSV
added 2026/03/24 8:16 p.m. | 3 views

UBUNTU-CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9 | AI score 5.4 | EPSS 0.00039
Exploits: 1 | References: 4

Debian CVE
added 2026/03/24 7:35 p.m. | 1 view

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9 | AI score 5.4 | EPSS 0.00039
Exploits: 1

OSV
added 2026/03/24 7:35 p.m. | 2 views

CVE-2026-33349 fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/24 7:35 p.m. | 6 views

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9 | AI score 5.7 | EPSS 0.00039
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/03/24 7:35 p.m. | 9 views

CVE-2026-33349

CVE-2026-33349 affects the fast-xml-parser library. The issue lives in the DocTypeReader for versions 4.0.0-beta.3 through before 5.5.7, where JavaScript truthy checks on maxEntityCount and maxEntitySize cause guard conditions to short‑circuit when 0 is explicitly set, bypassing limits. An attack...

CVSS 5.9 | AI score 5.7 | EPSS 0.00039
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/24 7:35 p.m. | 14 views

CVE-2026-33349 fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9 | EPSS 0.00039
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/24 7:35 p.m. | 2 views

CVE-2026-33349 fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

CVSS 5.9 | AI score 5.7 | EPSS 0.00039
Exploits: 1 | References: 2

OSV
added 2026/03/24 5:53 p.m. | 2 views

MGASA-2026-0063 Updated perl-XML-Parser packages fix security vulnerabilities

XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size causing a heap corruption double free or corruption and crashes. CVE-2006-10002 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. CVE-2006-10003...

CVSS 9.8 | AI score 6 | EPSS 0.00035
Exploits: 0 | References: 4

CNNVD
added 2026/03/24 12:0 a.m. | 3 views

fast-xml-parser security vulnerability

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser from 4.0.0-beta.3 to 5.5.7 contained security vulnerabilities. The...

CVSS 5.9 | AI score 6.2 | EPSS 0.00039
Exploits: 1 | References: 3

Tenable Nessus
added 2026/03/23 12:0 a.m. | 2 views

Fedora 45 : perl-XML-Parser (2026-7d5754535f)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7d5754535f advisory. Automatic update for perl-XML-Parser-2.51-1.fc45. Changelog Mon Mar 23 2026 Jitka Plesnikova - 2.51-1 - 2.51 bump rhbz2448965 - Fix CVE-2006-10002...

CVSS 9.8 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/21 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass...

CVSS 7.5 | AI score 6.5 | EPSS 0.00032
Exploits: 2 | References: 3

EUVD
added 2026/03/20 8:7 p.m. | 1 view

EUVD-2026-13782

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

CVSS 5.8 | AI score 6 | EPSS 0.00027
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/20 8:7 p.m. | 9 views

CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

CVSS 5.8 | AI score 6 | EPSS 0.00027
Exploits: 1 | References: 3

SUSE CVE
added 2026/03/20 10:29 a.m. | 3 views

SUSE CVE-2006-10002

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters while SvPV gives...

CVSS 8.6 | AI score 6 | EPSS 0.00035
Exploits: 0 | References: 10

SUSE CVE
added 2026/03/20 10:29 a.m. | 2 views

SUSE CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

CVSS 7.5 | AI score 6 | EPSS 0.00029
Exploits: 0 | References: 10

Microsoft CVE
added 2026/03/20 8:4 a.m. | 3 views

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

...

CVSS 9.8 | AI score 5.9 | EPSS 0.00029
Exploits: 0

RedhatCVE
added 2026/03/20 8:0 a.m. | 2 views

CVE-2026-33036

A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by supplying specially crafted XML input containing numeric character references or standard XML entities. This input can bypass configured entity expansion limits, leading to excessive memory allocation and hig...

CVSS 7.5 | AI score 5.7 | EPSS 0.00027
Exploits: 1 | References: 6

OSV
added 2026/03/20 6:16 a.m. | 1 view

DEBIAN-CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references &NNN;, &xHH; and standard XML entities completely evade the entity expansion limits e.g.,...

CVSS 7.5 | AI score 6.3 | EPSS 0.00027
Exploits: 1 | References: 1

NVD
added 2026/03/20 6:16 a.m. | 4 views

CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references &NNN;, &xHH; and standard XML entities completely evade the entity expansion limits e.g.,...

CVSS 7.5 | EPSS 0.00027
Exploits: 1 | References: 3

UbuntuCve
added 2026/03/20 6:16 a.m. | 1 view

CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references &NNN;, &xHH; and standard XML entities completely evade the entity expansion limits e.g.,...

CVSS 7.5 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 4