CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/09 11:47 p.m.•35 views

CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS0.00257EPSS

NVD•added 2026/06/09 5:17 p.m.•6 views

CVE-2026-42567

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

7.5CVSS0.00421EPSS

EUVD•added 2026/06/09 4:22 p.m.•6 views

EUVD-2026-35702

5.9CVSS5.3AI score0.00421EPSS

CVE•added 2026/06/09 4:22 p.m.•13 views

CVE-2026-42567

CVE-2026-42567 affects Svelte runtimes from 5.51.5 up to 5.55.6, where an internal regex used during svelte:element tag validation can cause exponential-time processing (ReDoS) on certain tag names. The issue is triggered during the validation of , leading to significant CPU usage and potential...

7.5CVSS5.3AI score0.00421EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2026/06/09 11:19 a.m.•6 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

7.5CVSS6.1AI score0.00455EPSS

Exploits0References5

RedHat Linux•added 2026/06/09 11:18 a.m.•4 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

7.5CVSS6.1AI score0.00455EPSS

Exploits0References5

RedhatCVE•added 2026/06/09 2:58 a.m.•12 views

CVE-2026-11478

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS4.8AI score0.00113EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-48341

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

9.8CVSS5.7AI score0.00438EPSS

Exploits0References4

Snyk•added 2026/06/09 12:0 a.m.•5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00257EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•8 views

PT-2026-48312

5.9CVSS5.5AI score0.00257EPSS

Github Security Blog•added 2026/06/08 11:8 p.m.•7 views

nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml

internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...

5.5AI score0.00052EPSS

Exploits0References4Affected Software1

CVE•added 2026/06/08 6:24 p.m.•20 views

CVE-2026-52778

YesWiki (PHP-based wiki) exposes a vulnerability in the Bazar form field calculator (CalcField.php) present before version 4.6.6. The code attempts to sanitize user-defined mathematical formulas using a complex recursive regex prior to passing them to PHP eval(), creating a surface for Regular Ex...

9.8CVSS6AI score0.00561EPSS

Exploits0References3

NVD•added 2026/06/08 4:16 p.m.•9 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS0.00505EPSS

OSV•added 2026/06/08 4:16 p.m.•5 views

UBUNTU-CVE-2026-44631

AlpineLinux•added 2026/06/08 3:19 p.m.•9 views

Exploits0References5

CVE-2026-44631

Vulnrichment•added 2026/06/08 3:19 p.m.•8 views

Exploits0

CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow

5.4AI score0.00505EPSS

ATTACKERKB•added 2026/06/08 3:19 p.m.•7 views

CVE-2026-44631

5.4AI score0.00505EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/08 3:19 p.m.•6 views

EUVD-2026-35095

CVE•added 2026/06/08 3:19 p.m.•204 views

CVE-2026-44631

CVE-2026-44631 describes a Buffer Underwrite in the Apache HTTP Server when processing crafted regular expressions in its configuration. The issue affects Apache httpd from version 2.4.0 through 2.4.67. The advisory recommends upgrading to version 2.4.68, which contains the fix. The provided conn...