CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/01/30 7:12 p.m.•4 views

CVE-2025-11175 DiscussionTools should use better regex

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

8.8CVSS5.9AI score0.00015EPSS

Positive Technologies•added 2026/01/30 12:0 a.m.•5 views

PT-2026-5489

Name of the Vulnerable Software and Affected Versions AirControl version 1.4.2 Description AirControl version 1.4.2 has a pre-authentication remote code execution issue. Unauthenticated attackers can execute arbitrary system commands by injecting malicious Java expressions. The issue is exploitab...

9.8CVSS6.5AI score0.00272EPSS

Exploits0References5

Veracode•added 2026/01/29 4:49 p.m.•6 views

Incorrect Regular Expression

Hono is vulnerable to Incorrect Regular Expression. The vulnerability is due to improper validation of IPv4 octet ranges in the IP Restriction Middleware, which allows an attacker to craft malformed IP addresses to bypass IP-based access controls...

6.5CVSS5.9AI score0.00015EPSS

Exploits0References4Affected Software1

SUSE Linux•added 2026/01/29 10:34 a.m.•3 views

Security update for python

This update for python fixes the following issues: Modified CVE-2025-6075 fix to not use re.ASCII flag not available in Python 2.7 bsc1257064. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

2.5CVSS7.2AI score0.00021EPSS

GithubExploit•added 2026/01/28 9:4 p.m.•136 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

MITRE ATT&CK Threat Detection with Splunk Detection engineeri...

10CVSS6AI score0.94358EPSS

Exploits343

Github Security Blog•added 2026/01/27 3:30 p.m.•14 views

n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution

n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

Exploits1References6Affected Software1

NVD•added 2026/01/27 3:15 p.m.•7 views

CVE-2026-1470

9.9CVSS0.02265EPSS

Snyk•added 2026/01/27 2:48 p.m.•6 views

Eval Injection

Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Eval Injection during the Expression evaluation workflow. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not...

9.9CVSS9.2AI score0.02265EPSS

CVE•added 2026/01/27 2:23 p.m.•21 views

CVE-2026-1470

CVE-2026-1470 affects n8n: a critical Remote Code Execution in the workflow Expression evaluation system where expressions from authenticated users are evaluated in a runtime context that isn’t sufficiently isolated. This allows an authenticated attacker to execute arbitrary code with the n8n pro...

Exploits1References2Affected Software1

Vulnrichment•added 2026/01/27 2:23 p.m.•2 views

CVE-2026-1470 Authenticated users can bypass the Expression sandbox mechanism to achieve full remote code execution on n8n’s main node.

Cvelist•added 2026/01/27 2:23 p.m.•23 views

CVE-2026-1470 Authenticated users can bypass the Expression sandbox mechanism to achieve full remote code execution on n8n’s main node.

9.9CVSS0.02265EPSS

EUVD•added 2026/01/27 2:23 p.m.•5 views

EUVD-2026-4839

Packet Storm News•added 2026/01/27 12:0 a.m.•2 views

Burp Suite 2025.12.4 Extension Advanced ReDoS Detector

This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...

5.9AI score

Exploits0

CNNVD•added 2026/01/27 12:0 a.m.•4 views

n8n security vulnerabilities

n8n is an open-source, scalable workflow automation tool developed by n8n. n8n has a security vulnerability, which stems from insufficient isolation of the workflow expression evaluation system. This vulnerability could lead to remote code execution...

9.9CVSS6.1AI score0.02265EPSS

Exploits1References3

Broadcom•added 2026/01/27 12:0 a.m.•19 views

Spring Framework DoS (CVE-2024-38808, CVE-2024-38809 and CVE-2024-22262)

The Spring Framework vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the Brocade SANnav 3.0.0...

8.1CVSS5.9AI score0.12634EPSS

Exploits2

ATTACKERKB•added 2026/01/22 1:23 a.m.•2 views

CVE-2026-23956

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegE...

7.5CVSS5.7AI score0.00068EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/01/22 1:23 a.m.•1 views

CVE-2026-23956 seroval affected by Denial of Service via RegExp serialization

7.5CVSS5.7AI score0.00068EPSS

Exploits0References3

OSV•added 2026/01/22 1:23 a.m.•2 views

CVE-2026-23956 seroval affected by Denial of Service via RegExp serialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp...

7.5CVSS5.4AI score0.00068EPSS