CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18991 matches found

CVE-2026-56321

Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...

6.9CVSS

Exploits0References2

NVD•added 2 days ago•6 views

CVE-2026-54288

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00014EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS5.9AI score0.00014EPSS

Exploits0References2Affected Software1

Cvelist•added 2 days ago•31 views

CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

4.8CVSS0.00014EPSS

Exploits0References1

CVE•added 2 days ago•18 views

CVE-2026-54289

CVE-2026-54289 — Hono Lambda@Edge header handling : On AWS Lambda@Edge, prior to 4.12.25, CloudFront may deliver repeated headers as multiple entries. The Hono Lambda@Edge adapter uses Headers.set for each value, overwriting the previous one, so only the last value reaches the application. Header...

4.8CVSS5.9AI score0.00014EPSS

Exploits0References1

NVD•added 5 days ago•7 views

CVE-2026-32208

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an authorized attacker to perform spoofing over a network...

8.8CVSS

Exploits0References1

Cvelist•added 5 days ago•15 views

CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

8.8CVSS

Exploits0References1

Vulnrichment•added 5 days ago•4 views

CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

8.8CVSS5.8AI score

Exploits0References1

EUVD•added 5 days ago•7 views

EUVD-2026-38085

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an authorized attacker to perform spoofing over a network...

8.8CVSS5.8AI score

Exploits0References1

CVE•added 5 days ago•19 views

CVE-2026-32208

CVE-2026-32208 is a cross-site scripting vulnerability in Microsoft Edge (Chromium-based) caused by improper neutralization of input during web page generation, enabling an authorized attacker to spoof users over a network. Affected product: Microsoft Edge (Chromium-based). Impact is rated High f...

8.8CVSS5.8AI score

Exploits0References1Affected Software1

Cvelist•added 5 days ago•19 views

CVE-2026-48794 Authelia has an Edge Case Access Control Rule Mismatch

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS0.00043EPSS

Exploits0References2

CVE•added 5 days ago•15 views

CVE-2026-48794

CVE-2026-48794 affects Authelia (versions 4.36.0–4.39.19). A domain canonicalization edge case can cause an access control rule to be skipped when it should match a request, under very specific conditions involving forwarded authorization, multi-segment subdomains (e.g., a.b.example.com vs exampl...

2.3CVSS5.8AI score0.00043EPSS

Exploits0References2