Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

53350 matches found

NVD
NVDadded 2026/05/07 3:16 p.m.11 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS0.00238EPSS
Exploits1References2
UbuntuCve
UbuntuCveadded 2026/05/07 3:16 p.m.5 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.8AI score0.00238EPSS
Exploits1References3
OSV
OSVadded 2026/05/07 3:16 p.m.4 views

UBUNTU-CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References4
CVE
CVEadded 2026/05/07 1:36 p.m.44 views

CVE-2026-41650

CVE-2026-41650 affects fast-xml-parser XMLBuilder prior to v5.7.0, where unescaped "-->" in comments and "]]>" in CDATA can lead to XML injection when user-controlled data is built into XML from JavaScript objects. This can enable XSS, SOAP injection, or data manipulation as described in th...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/05/07 1:36 p.m.29 views

CVE-2026-41650 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS0.00238EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/05/07 1:36 p.m.4 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVEadded 2026/05/07 1:36 p.m.6 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.7AI score0.00238EPSS
Exploits1
Ubuntu
Ubuntuadded 2026/05/07 11:44 a.m.8 views

USN-8247-1: OWSLib vulnerability

It was discovered that OWSLib did not properly disable entity resolution within its XML parser. An attacker could possibly use this issue to read arbitrary files via a crafted XML payload...

8.2CVSS5.8AI score0.00977EPSS
Exploits0
OSV
OSVadded 2026/05/07 10:19 a.m.1 views

OPENSUSE-SU-2026:20705-1 Security update for log4cxx

This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain characters not allowed by the XML 1.0 specification An XML configuration file with recursive...

6.3CVSS5.8AI score0.00499EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/07 9:31 a.m.8 views

EUVD-2026-28327

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

6.9CVSS5.8AI score0.00078EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/07 7:16 a.m.3 views

CVE-2026-4430

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

6.9CVSS5.8AI score0.00078EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/07 7:16 a.m.4 views

CVE-2026-4430 Heap Buffer Overflow in AgileEngine

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

6.9CVSS5.8AI score0.00078EPSS
Exploits0References1
CVE
CVEadded 2026/05/07 7:16 a.m.47 views

CVE-2026-4430

CVE-2026-4430 is an out-of-bounds write in LibreOffice triggered by opening OOXML documents with malformed encryption parameters. Affected releases: LibreOffice 26.2 before 26.2.3 and 25.8 before 25.8.7. Debian security advisory DSA-6251-1 confirms a buffer overflow could cause an out-of-bounds w...

7.8CVSS5.8AI score0.00078EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVEadded 2026/05/07 7:16 a.m.7 views

CVE-2026-4430

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

7.8CVSS5.8AI score0.00078EPSS
Exploits0
OSV
OSVadded 2026/05/07 4:16 a.m.5 views

UBUNTU-CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

8.7CVSS5.8AI score0.0034EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/07 3:49 a.m.41 views

CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

8.7CVSS0.00414EPSS
Exploits0References4
CVE
CVEadded 2026/05/07 3:49 a.m.66 views

CVE-2026-41675

CVE-2026-41675 affects the xmldom/xmldom package. The vulnerability stems from attacker-controlled processing instruction data being serialized without validating or neutralizing the PI-closing sequence ?>, allowing injection of arbitrary XML nodes into the serialized output. Affected versions...

8.7CVSS5.8AI score0.00414EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/07 3:49 a.m.6 views

CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

8.7CVSS5.8AI score0.00414EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/07 3:49 a.m.3 views

CVE-2026-41675

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

8.7CVSS5.8AI score0.00414EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/05/07 3:49 a.m.9 views

EUVD-2026-28290

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

8.7CVSS5.8AI score0.00414EPSS
Exploits0References4
Rows per page
Query Builder