CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1272 matches found

RedhatCVE•added 2026/03/02 12:37 p.m.•2 views

CVE-2026-2293

A flaw was found in NestJS. When a NestJS application uses @nestjs/platform-fastify with Fastify path-normalization options enabled, a remote attacker can exploit this to bypass authentication and authorization middleware. This bypass allows unauthorized access to protected resources, compromisin...

8.2CVSS5.9AI score0.00431EPSS

Exploits1References6

NVD•added 2026/03/02 12:16 p.m.•2 views

CVE-2025-30044

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

9.4CVSS0.00037EPSS

Exploits0References2

CVE•added 2026/03/02 11:15 a.m.•7 views

CVE-2025-30044

CVE-2025-30044 affects endpoints under CliniNET.prd/utils (usrlogstat_simple.pl, usrlogstat.pl, userlogstat2.pl, dblogstat.pl). The issue is insufficient input normalization on parameters, enabling code injection. According to the provided metrics, the vulnerability has CRITICAL impact with HIGH ...

9.4CVSS6AI score0.00037EPSS

Exploits0References2

EUVD•added 2026/03/02 11:15 a.m.•2 views

EUVD-2025-208148

9.4CVSS6AI score0.00047EPSS

Exploits0References2

Vulnrichment•added 2026/03/02 11:15 a.m.•2 views

CVE-2025-30044 RCE on uhcapache user permissions

9.4CVSS6AI score0.00037EPSS

Exploits0References2

CNNVD•added 2026/03/02 12:0 a.m.•2 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from incorrect Unicode normalization in multiple locations. These vulnerabilities may bypass the file path filters designed to prevent access...

7.8CVSS5.8AI score0.00003EPSS

Exploits0References2

Positive Technologies•added 2026/03/02 12:0 a.m.•1 views

PT-2026-22575

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

9.4CVSS6AI score0.00047EPSS

Exploits0References3

OSV•added 2026/03/01 12:0 a.m.•4 views

ASB-A-377888957

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.8CVSS6.1AI score0.00003EPSS

Exploits0References2

RedhatCVE•added 2026/02/28 7:45 p.m.•3 views

CVE-2026-2880

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

9.1CVSS5.9AI score0.00087EPSS

Exploits0References1

EUVD•added 2026/02/28 2:47 a.m.•2 views

EUVD-2026-9049

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware...

8.2CVSS5.9AI score0.00087EPSS

Exploits0References6

OSV•added 2026/02/28 2:47 a.m.•3 views

GHSA-8P85-9QPW-FWGW @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware

Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...

8.2CVSS6AI score0.00087EPSS

Exploits0References7

Github Security Blog•added 2026/02/28 2:47 a.m.•5 views

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware

9.1CVSS6AI score0.00087EPSS

Exploits0References7Affected Software1

Snyk•added 2026/02/27 9:24 p.m.•2 views

Interpretation Conflict

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Interpretation Conflict via the middleware matching engine when router options like ignoreDuplicateSlashes, useSemicolonDelimiter, or other trailing-slash normalization are enabled. An...

9.1CVSS6AI score0.00087EPSS

Exploits0References2

OSV•added 2026/02/27 7:16 p.m.•2 views

CVE-2026-2880

9.1CVSS5.8AI score

Exploits0References1

NVD•added 2026/02/27 7:16 p.m.•1 views

CVE-2026-2880

9.1CVSS0.00087EPSS

Exploits0References1

Github Security Blog•added 2026/02/27 6:31 p.m.•4 views

Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...

9.8CVSS5.8AI score0.00431EPSS

Exploits1References5Affected Software1

EUVD•added 2026/02/27 6:31 p.m.•2 views

EUVD-2026-9034

A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13...

8.2CVSS5.9AI score0.00431EPSS

Exploits1References4

OSV•added 2026/02/27 6:31 p.m.•2 views

GHSA-7Q64-3RG2-H9PF Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass

8.2CVSS5.8AI score0.00431EPSS

Exploits1References4