CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•2 views

CVE-2026-40909

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via...

8.7CVSS5.7AI score0.0019EPSS

Exploits1References1

RedhatCVE•added yesterday•2 views

CVE-2026-44241

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...

7.5CVSS5.6AI score0.00018EPSS

RedhatCVE•added 4 days ago•13 views

CVE-2026-44573

A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization i18n configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...

7.5CVSS5.7AI score0.00052EPSS

Exploits1References4

NVD•added 4 days ago•8 views

CVE-2026-34907

5.1CVSS0.00047EPSS

ATTACKERKB•added 4 days ago•5 views

CVE-2026-34907

EUVD•added 4 days ago•7 views

Exploits0References3

EUVD-2026-33903

9.3CVSS5.7AI score0.00289EPSS

Cvelist•added 4 days ago•31 views

CVE-2026-34907 Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

5.1CVSS0.00047EPSS

Vulnrichment•added 4 days ago•6 views

CVE-2026-34907 Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

CVE•added 4 days ago•7 views

CVE-2026-34907

CVE-2026-34907 describes a Reflected Cross‑Site Scripting (XSS) vulnerability in Wirtualna Uczelnia caused by insecure handling of the locale parameter across multiple endpoints. An attacker can craft a URL with JavaScript in the locale parameter; when a victim opens the link, the injected script...

Positive Technologies•added 4 days ago•6 views

PT-2026-45724

Snyk•added 2026/05/20 3:35 p.m.•5 views

Exploits0References3

Incorrect Regular Expression

Overview Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'. An attacker can bypass security redirect restrictions by suppling a URL that passes any but...

8.7CVSS5.8AI score

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в node-moment

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability affects users of Moment.js on npm server versions between 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch the moment locale...

7.5CVSS6.6AI score0.01827EPSS

RedhatCVE•added 2026/05/13 8:22 p.m.•3 views

CVE-2026-41693

i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath templates and then read / write the resulting fil...

8.2CVSS5.7AI score0.00052EPSS

ATTACKERKB•added 2026/05/12 9:20 p.m.•6 views

CVE-2026-44241

7.5CVSS6AI score0.00018EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/05/08 3:38 p.m.•5 views

CVE-2026-41693

8.2CVSS5.8AI score0.00052EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/08 3:38 p.m.•2 views

CVE-2026-41693 i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

8.2CVSS5.7AI score0.00052EPSS