VYPR
Vendor

NaturalIntelligence

Products: 3
CVEs: 10
Across products: 10
Status: Private


Recent CVEs (10)
  • CVE-2026-44664 | Med | May 13, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skips values containing three consecutive dashes (e.g., --->...), allowing an attacker to break out…

  • CVE-2026-44665 | Med | May 13, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    fast-xml-builder builds XML from JSON. Prior to 1.1.7, when input data has quotes in attribute values but process entities is not enabled, the attribute value is broken into multiple attributes. This gives an attacker room to insert unwanted attributes to the…

  • CVE-2026-33349 | Mar 24, 2026
    risk 0.00 | cvss | epss 0.00

    fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration…

  • CVE-2026-33036 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.01

    fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (&#NNN;, &#xHH;) and standard XML entities completely evade the entity…

  • CVE-2026-27942 | Feb 26, 2026
    risk 0.00 | cvss | epss 0.00

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with a stack overflow when a user uses the XML builder with `preserveOrder:true`. Version 5.3.8…

  • CVE-2026-25896 | Feb 20, 2026
    risk 0.00 | cvss | epss 0.00

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an…

  • CVE-2026-26278 | Feb 19, 2026
    risk 0.00 | cvss | epss 0.01

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML…

  • CVE-2026-25128 | Jan 30, 2026
    risk 0.00 | cvss | epss 0.01

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing…

  • CVE-2024-41818 | Jul 29, 2024
    risk 0.00 | cvss | epss 0.01

    fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS exists on currency.js. This vulnerability is fixed in 4.4.1.

  • CVE-2023-34104 | Jun 6, 2023
    risk 0.00 | cvss | epss 0.01

    fast-xml-parser is an open source, pure JavaScript XML parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can…