Lucene search
+L

9421 matches found

redhatcve
redhatcve
added yesterday4 views

CVE-2026-49477

A flaw was found in soupsieve, a CSS selector library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted, untrusted CSS selector strings. The flaw occurs due to a regular expression vulnerable to catastrophic backtracking when processing a...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References6
redhatcve
redhatcve
added yesterday4 views

CVE-2026-46640

A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a vulnerability in the self. and import-alias dynamic attribute syntax. By concatenating a malicious string into a MacroReferenceExpression name without proper validation, the attacker can cause r...

8.8CVSS6.4AI score0.00335EPSS
Exploits0References2
nvd
nvd
added yesterday7 views

CVE-2026-61433

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agentsfile configuration parameters that execute when the generated server starts or...

8.5CVSS
Exploits0References3
cvelist
cvelist
added yesterday17 views

CVE-2026-59259 n8n - Permission Bypass via Expression Parser Mismatch in External Secrets

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS
Exploits0References2
nvd
nvd
added 2 days ago5 views

CVE-2026-46640

Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...

8.8CVSS0.00335EPSS
Exploits0References3
cve
cve
added 2 days ago76 views

CVE-2026-45065

CVE-2026-45065 affects Symfony’s UrlGenerator in the Symfony PHP framework. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters with a pattern built as ^ + raw requirement + $, and ungrouped alternations can cause middle alternatives to match as unanchore...

6.1CVSS6.1AI score0.00409EPSS
Exploits0References5Affected Software1
nuclei
nuclei
added 2 days ago219 views

Adobe Experience Manager - Expression Language Injection

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability. id: CVE-2019-16469 info: name: Adobe Experience Manager - Expression Language Injection author: DomenicoVeneziano severity: high description: | Adobe Experience Manager versions...

7.5CVSS6.9AI score0.17186EPSS
Exploits0References3
nvd
nvd
added 3 days ago4 views

CVE-2026-55773

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Cedar-expression injection via unescaped toCedarExpr. The...

8.8CVSS0.00294EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago32 views

CVE-2026-55773 CedarJava has a policy injection vulnerability

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Cedar-expression injection via unescaped toCedarExpr. The...

8.8CVSS0.00294EPSS
Exploits0References1
osv
osv
added 3 days ago4 views

CVE-2026-55773 CedarJava has a policy injection vulnerability

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Cedar-expression injection via unescaped toCedarExpr. The...

8.8CVSS6.1AI score0.00294EPSS
Exploits0References3
nuclei
nuclei
added 5 days ago38 views

n8n - Remote Code Execution via Expression Injection

n8n 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication. id: CVE-2025-68613 info: name: n8n - Remote Code...

9.9CVSS7.6AI score0.97875EPSS
Exploits29References2
euvd
euvd
added last week11 views

EUVD-2026-35181

YesWiki has Unsafe eval in its Formula Calculato, Leading to Remote Code Execution & Denial of Service...

9.8CVSS6.1AI score0.00561EPSS
Exploits0References4
cve
cve
added last week12 views

CVE-2026-59209

n8n is an open source workflow automation platform. Affected versions prior to 1.123.61, 2.27.4, and 2.28.1 expose a vulnerability where an authenticated user with editor access to a shared workflow can read credential-populated headers via the $request object inside an HTTP Request node’s pagina...

7.1CVSS5.9AI score0.00294EPSS
Exploits0References3Affected Software1
euvd
euvd
added last week7 views

EUVD-2026-42613

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score0.00294EPSS
Exploits0References3
redhat
redhat
added last week5 views

protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References5
snyk
snyk
added last week4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
snyk
snyk
added last week4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
snyk
snyk
added last week3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
snyk
snyk
added last week5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
snyk
snyk
added last week4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Rows per page
Query Builder