Total CVEs

145,959

Critical Severity

4,294

High Severity

15,797

Last 7 Days

2,214
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,521 - 21,540 of 42,364 CVEs

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested...

Vendor: npm
Product: @xmldom/xmldom
Published: Apr 22, 2026
Source: GitHub

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields (internalSubset, publicId, systemId) verbatim withou...

Vendor: npm
Product: @xmldom/xmldom
Published: Apr 22, 2026
Source: GitHub

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

Vendor: npm
Product: @xmldom/xmldom
Published: Apr 22, 2026
Source: GitHub

http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escapi...

Published: Apr 22, 2026
Source: NVD

An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frap...

Published: Apr 22, 2026
Source: NVD
CVE-2026-34066 MEDIUM - 5.3

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within the same epoch)....

Vendor: nimiq
Product: nimiq-blockchain
Published: Apr 22, 2026
Source: NVD
CVE-2026-34065 HIGH - 7.5

nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key....

Vendor: nimiq
Product: nimiq-primitives
Published: Apr 22, 2026
Source: NVD
CVE-2026-34064 MEDIUM - 5.3

nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, but it constructs the error using `balance: self.balance - min_cap`. `Coi...

Vendor: nimiq
Product: nimiq-account
Published: Apr 22, 2026
Source: NVD
CVE-2026-34063 HIGH - 7.5

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer op...

Vendor: nimiq
Product: network-libp2p
Published: Apr 22, 2026
Source: NVD
CVE-2026-34062 MEDIUM - 5.3

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_ma...

Vendor: nimiq
Product: network-libp2p
Published: Apr 22, 2026
Source: NVD
CVE-2026-33471 CRITICAL - 9.6

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker ...

Vendor: nimiq
Product: nimiq-block
Published: Apr 22, 2026
Source: NVD

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating ...

Vendor: npm
Product: @xmldom/xmldom
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41640 HIGH - 7.5

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using paramete...

Vendor: npm
Product: @nocobase/database
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41641 HIGH - 7.2

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollecti...

Vendor: npm
Product: @nocobase/plugin-collection-sql
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41650 MEDIUM - 6.1

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the "]]>" sequence in CDATA sections when building XML from JavaScript objects....

Vendor: npm
Product: fast-xml-parser
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41645 MEDIUM - 5.3

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP respon...

Vendor: go
Product: github.com/projectdiscovery/nuclei/v3
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41646 MEDIUM - 5.5

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the default local file ...

Vendor: go
Product: github.com/projectdiscovery/nuclei/v3
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41644 HIGH - 7.1

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary UR...

Vendor: go
Product: github.com/monetr/monetr
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41591 MEDIUM - 6.4

Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a <script> or <style> tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowe...

Vendor: npm
Product: marko
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41469 MEDIUM - 5.2

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP rem...

Vendor: Beghelli
Product: SicuroWeb (Sicuro24)
Published: Apr 22, 2026
Source: NVD