CVE-2026-27942
- EPSS 0.05%
- Veröffentlicht 26.02.2026 01:22:11
- Zuletzt bearbeitet 02.03.2026 14:54:48
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `prese...
CVE-2026-25896
- EPSS 0.04%
- Veröffentlicht 20.02.2026 21:19:27
- Zuletzt bearbeitet 02.03.2026 14:54:02
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entit...
CVE-2026-26278
- EPSS 0.06%
- Veröffentlicht 19.02.2026 19:40:55
- Zuletzt bearbeitet 23.02.2026 19:30:26
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansi...
CVE-2026-25128
- EPSS 0.05%
- Veröffentlicht 30.01.2026 15:14:58
- Zuletzt bearbeitet 27.02.2026 20:22:44
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fa...
CVE-2023-26920
- EPSS 0.21%
- Veröffentlicht 12.12.2023 17:15:07
- Zuletzt bearbeitet 21.11.2024 07:52:04
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.