CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Amazon•added 4 days ago•5 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

7.5CVSS5.5AI score0.00026EPSS

Exploits0

VulnCheck KEV•added 4 days ago•8 views

VulnCheck KEV: CVE-2026-5027

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

8.8CVSS5.6AI score0.04075EPSS

In wildExploits4References6

Positive Technologies•added 4 days ago•6 views

PT-2026-47333

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode form part/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename,...

2.1CVSS5.6AI score0.00021EPSS

Exploits0References5

OPENSUSE Linux•added 4 days ago•3 views

Security update for perl-XML-LibXML (important)

openSUSE security update: security update for perl-xml-libxml ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20908-1 Rating: important References: bsc1264715 Cross-References: CVE-2026-8177 CVSS scores: CVE-2026-8177 SUSE : 8.2...

8.2CVSS5.4AI score0.00026EPSS

RedhatCVE•added 5 days ago•11 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

FreeBSD•added 5 days ago•3 views

p5-ack -- Multiple issues

Ack project reports: CVE-2026-49147: filename ANSI escape sequences CVE-2026-49146: project .ackrc -A -B -C memory exhaustion CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration...

5.4AI score

EUVD•added 6 days ago•7 views

EUVD-2026-34920

Tenable Nessus•added 6 days ago•4 views

EulerOS Virtualization 2.13.1 : httpd (EulerOS-SA-2026-2131)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

8.3CVSS5.6AI score0.00145EPSS

Tenable Nessus•added 6 days ago•5 views

EulerOS Virtualization 2.13.0 : httpd (EulerOS-SA-2026-2170)

8.3CVSS5.6AI score0.00145EPSS

NVD•added 2026/06/05 10:16 p.m.•6 views

CVE-2026-11416

8.1CVSS0.00062EPSS

CVE•added 2026/06/05 9:42 p.m.•14 views

CVE-2026-11416

Summary: MoviePilot is affected by a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers. The local destination path is built by concatenating the configured download directory with a filename taken directly from remote cloud API metadata, without basename...

Vulnrichment•added 2026/06/05 9:42 p.m.•5 views

CVE-2026-11416 MoviePilot Path Traversal via Cloud Storage Download Handlers

ATTACKERKB•added 2026/06/05 9:42 p.m.•6 views

CVE-2026-11416

Cvelist•added 2026/06/05 9:42 p.m.•29 views

CVE-2026-11416 MoviePilot Path Traversal via Cloud Storage Download Handlers

8.1CVSS0.00062EPSS

RedhatCVE•added 2026/06/05 7:51 p.m.•4 views

CVE-2026-43870

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

7.3CVSS5.4AI score0.00034EPSS

RedhatCVE•added 2026/06/05 7:50 p.m.•5 views

CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.6AI score0.00099EPSS

RedhatCVE•added 2026/06/05 7:49 p.m.•6 views

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

7.5CVSS5.6AI score0.0002EPSS

RedhatCVE•added 2026/06/05 7:45 p.m.•6 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS5.7AI score0.00028EPSS