Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,893
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 18,081 - 18,100 of 38,923 CVEs

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields (internalSubset, publicId, systemId) verbatim withou...

Vendor: npm
Product: @xmldom/xmldom
Published: Apr 22, 2026
Source: GitHub

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

Vendor: npm
Product: @xmldom/xmldom
Published: Apr 22, 2026
Source: GitHub

http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escapi...

Published: Apr 22, 2026
Source: NVD

An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frap...

Published: Apr 22, 2026
Source: NVD
CVE-2026-34066 MEDIUM - 5.3

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within the same epoch)....

Vendor: nimiq
Product: nimiq-blockchain
Published: Apr 22, 2026
Source: NVD
CVE-2026-34065 HIGH - 7.5

nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key....

Vendor: nimiq
Product: nimiq-primitives
Published: Apr 22, 2026
Source: NVD
CVE-2026-34064 MEDIUM - 5.3

nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, but it constructs the error using `balance: self.balance - min_cap`. `Coi...

Vendor: nimiq
Product: nimiq-account
Published: Apr 22, 2026
Source: NVD
CVE-2026-34063 HIGH - 7.5

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer op...

Vendor: nimiq
Product: network-libp2p
Published: Apr 22, 2026
Source: NVD
CVE-2026-34062 MEDIUM - 5.3

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_ma...

Vendor: nimiq
Product: network-libp2p
Published: Apr 22, 2026
Source: NVD
CVE-2026-33471 CRITICAL - 9.6

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker ...

Vendor: nimiq
Product: nimiq-block
Published: Apr 22, 2026
Source: NVD

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating ...

Vendor: npm
Product: @xmldom/xmldom
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41640 HIGH - 7.5

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using paramete...

Vendor: npm
Product: @nocobase/database
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41641 HIGH - 7.2

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollecti...

Vendor: npm
Product: @nocobase/plugin-collection-sql
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41650 MEDIUM - 6.1

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the "]]>" sequence in CDATA sections when building XML from JavaScript objects....

Vendor: npm
Product: fast-xml-parser
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41645 MEDIUM - 5.3

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP respon...

Vendor: go
Product: github.com/projectdiscovery/nuclei/v3
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41646 MEDIUM - 5.5

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the default local file ...

Vendor: go
Product: github.com/projectdiscovery/nuclei/v3
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41644 HIGH - 7.1

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary UR...

Vendor: go
Product: github.com/monetr/monetr
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41591 MEDIUM - 6.4

Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a <script> or <style> tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowe...

Vendor: npm
Product: marko
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41469 MEDIUM - 5.2

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP rem...

Vendor: Beghelli
Product: SicuroWeb (Sicuro24)
Published: Apr 22, 2026
Source: NVD
CVE-2026-41468 HIGH - 8.7

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution ...

Vendor: Beghelli
Product: SicuroWeb (Sicuro24)
Published: Apr 22, 2026
Source: NVD