CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/03 1:0 p.m.•6 views

UBUNTU-CVE-2026-8404

5.3CVSS5.3AI score0.00285EPSS

EUVD•added 2026/06/03 5:56 a.m.•15 views

EUVD-2026-34067

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS

Cvelist•added 2026/06/03 5:56 a.m.•42 views

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

5.3CVSS0.00246EPSS

Fedora•added 2026/06/03 1:18 a.m.•13 views

[SECURITY] Fedora 43 Update: python-wsgidav-4.3.4-1.fc43

A generic and extendable WebDAV server written in Python and based on WSGI. Main features: =E2=80=A2 WsgiDAV is a stand-alone WebDAV server with SSL support, that can be installed and run as Python command line script. =E2=80=A2 The python-pam library is needed as extra requirement if pam-login...

5.8AI score0.00072EPSS

Exploits0

Fedora•added 2026/06/03 12:52 a.m.•11 views

[SECURITY] Fedora 44 Update: python-wsgidav-4.3.4-1.fc44

5.8AI score0.00072EPSS

Exploits0

Positive Technologies•added 2026/06/03 12:0 a.m.•13 views

PT-2026-45938

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description An issue exists in django.middleware.cache.UpdateCacheMiddleware where the Authorization header is not added to the Vary response header for requests that include that...

5.3CVSS5.5AI score0.00359EPSS

Exploits0References40

CNNVD•added 2026/06/03 12:0 a.m.•4 views

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 5.2.15 and 6.0.6 contained security vulnerabilities. These vulnerabilities...

3.1CVSS5.4AI score0.00359EPSS

Exploits0References3

Tenable Nessus•added 2026/06/03 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-44573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n...

7.5CVSS5.8AI score0.00351EPSS

Exploits1References2

Positive Technologies•added 2026/06/03 12:0 a.m.•10 views

PT-2026-45949

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description An issue exists in django.middleware.cache.UpdateCacheMiddleware where Cache-Control response directives are not matched case-insensitively. This allows remote attacker...

5.3CVSS5.5AI score0.00359EPSS

Exploits0References40

Tenable Nessus•added 2026/06/03 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-45109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing...

7.5CVSS5.8AI score0.01048EPSS

RedhatCVE•added 2026/06/02 11:53 p.m.•15 views

CVE-2026-44575

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5CVSS5.7AI score0.01048EPSS

RedhatCVE•added 2026/06/02 11:53 p.m.•13 views

CVE-2026-44574

A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could...

8.1CVSS5.6AI score0.00383EPSS

Exploits2References4

EUVD•added 2026/06/02 7:8 p.m.•14 views

EUVD-2026-34015

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

Vulnrichment•added 2026/06/02 7:8 p.m.•7 views

CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

CVE•added 2026/06/02 7:8 p.m.•26 views

CVE-2026-48594

The CVE-2026-48594 issue affects elixir-tesla/tesla: when Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is used, HTTP responses are decompressed eagerly without a size cap. The decompress_body/2 path passes the full body to :zlib.gunzip/1 or :zlib.unzip/1, and compression_al...

OSV•added 2026/06/02 7:8 p.m.•10 views

EEF-CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline...