CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 1 hour ago•4 views

CVE-2026-46392

8.7CVSS5.5AI score

Cvelist•added 1 hour ago•4 views

CVE-2026-46392 HAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation

8.7CVSS

Positive Technologies•added 20 hours ago•2 views

PT-2026-47029

8.7CVSS

Exploits0References2

RedhatCVE•added yesterday•7 views

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

Github Security Blog•added 2 days ago•8 views

Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

5.8AI score

Exploits0References3Affected Software1

Positive Technologies•added 2 days ago•7 views

PT-2026-46100

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

8.6CVSS5.8AI score

NVD•added 3 days ago•8 views

CVE-2026-48598

2.1CVSS0.00014EPSS

Cvelist•added 3 days ago•26 views

CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

2.1CVSS0.00014EPSS

ATTACKERKB•added 3 days ago•5 views

CVE-2026-48598

Exploits0References5Affected Software1

EUVD•added 3 days ago•7 views

EUVD-2026-34012

Vulnrichment•added 3 days ago•4 views

CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

CVE•added 3 days ago•10 views

CVE-2026-48598

The CVE-2026-48598 entry affects the Elixir Tesla library, specifically Tesla.Multipart.part_headers_for_disposition/1. The vulnerability arises from improper encoding of disposition parameters, treating each parameter as k="v" without sanitizing CR (\r), LF (\n), or double-quote characters. Mali...

OSV•added 3 days ago•5 views

EEF-CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

Summary Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, ...

Positive Technologies•added 3 days ago•5 views

PT-2026-45841

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part headers for disposition/1 interpolates each disposition parameter as k="v" with no validation of CR r, LF , o...

Cvelist•added 2026/05/27 2:26 p.m.•35 views

Exploits0References5

CVE-2026-47119 Agent Zero < 1.15 Stored XSS via image_get API Endpoint

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...

6.1CVSS0.00031EPSS

Exploits0References3

Github Security Blog•added 2026/05/27 12:37 a.m.•13 views

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

5.7AI score

Exploits0References3Affected Software1

Snyk•added 2026/05/27 12:37 a.m.•7 views

Interpretation Conflict

Overview @hapi/content is a HTTP Content- headers parsing Affected versions of this package are vulnerable to Interpretation Conflict due to inconsistent handling of duplicate parameters in the Content.disposition and Content.type functions. An attacker can bypass upload filename allowlists or...

8.6CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-44139

Description SymfonyComponentMimeHeaderParameterizedHeader and the related parameter handling reachable from SymfonyComponentMimeHeaderHeaders is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g. Content-Disposition:...

7.1CVSS5.8AI score

Exploits0References6

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43630

7.7CVSS5.7AI score