CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/02/26 3:16 p.m.•3 views

BIT-NEO4J-2026-1337 Insufficient escaping of unicode characters in query log

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...

5.4CVSS5.5AI score0.00012EPSS

Exploits2References2

Tenable Nessus•added 2026/02/13 12:0 a.m.•3 views

Neo4j < 2026.01 XSS Vulnerability (CVE-2026-1337)

According to its its self-reported version number, the version of Neo4j running on the remote host is a version prior to 2026.01. It is, therefore, affected by a XSS vulnerability where Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions. Note that...

5.4CVSS6AI score0.00012EPSS

Exploits2References2

Tenable Nessus•added 2026/02/13 12:0 a.m.•4 views

Neo4j < 5.26.21 Information Disclosure Vulnerability (CVE-2026-1622)

According to its self-reported version number, the version of Neo4j running on the remote host is a version prior to 5.26.21. It is, therefore, affected by a information disclosure vulnerability where The obfuscateliterals option in the query logs does not redact error information, exposing...

RedhatCVE•added 2026/02/07 7:31 p.m.•2 views

Exploits0References2

CVE-2026-1337

5.4CVSS5.2AI score0.00012EPSS

Vulnrichment•added 2026/02/06 1:13 p.m.•3 views

CVE-2026-1337 Insufficient escaping of unicode characters in query log

2CVSS5.2AI score0.00012EPSS

CVE•added 2026/02/06 1:13 p.m.•12 views

CVE-2026-1337

Neo4j Enterprise and Community editions prior to 2026.01 are affected by CVE-2026-1337 due to insufficient escaping of Unicode in the query log, enabling potential XSS if logs are opened by a tool that treats them as HTML. The advisory states there is no intrinsic security impact on Neo4j product...

5.4CVSS5.2AI score0.00012EPSS

Exploits2References1Affected Software1

Cvelist•added 2026/02/06 1:13 p.m.•24 views

CVE-2026-1337 Insufficient escaping of unicode characters in query log

2CVSS0.00012EPSS

Positive Technologies•added 2026/02/06 12:0 a.m.•1 views

PT-2026-6724

Name of the Vulnerable Software and Affected Versions Neo4j versions prior to 2026.01 Description A lack of proper unicode character escaping in the query log functionality can result in cross-site scripting XSS if logs are opened in a tool that interprets them as HTML. The issue is present in bo...

5.4CVSS5AI score0.00012EPSS

Exploits2References6

CNNVD•added 2026/02/06 12:0 a.m.•2 views

Neo4j 安全漏洞

Neo4j is a Java-based graph database developed by the American company Neo4j Inc. It is fully compatible with ACID standards and supports data migration and add-ons. Versions of Neo4j Enterprise and Neo4j Community prior to version 2026.01 contained security vulnerabilities. These vulnerabilities...

5.4CVSS5.7AI score0.00012EPSS

OSV•added 2026/02/04 12:31 p.m.•1 views

GHSA-4J3G-RWWQ-4P54 Neo4j Enterprise and Community vulnerable to a potential information disclosure

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...

4.8CVSS5.9AI score0.00006EPSS

Exploits0References3

Github Security Blog•added 2026/02/04 12:31 p.m.•4 views

Neo4j Enterprise and Community vulnerable to a potential information disclosure

Exploits0References3Affected Software1

NVD•added 2026/02/04 10:16 a.m.•4 views

CVE-2026-1622

4.8CVSS0.00006EPSS

Cvelist•added 2026/02/04 9:14 a.m.•27 views

CVE-2026-1622 Unredacted data exposure in query.log

4.8CVSS0.00006EPSS

ATTACKERKB•added 2026/02/04 9:14 a.m.•3 views

CVE-2026-1622

Exploits0References2Affected Software2

EUVD•added 2026/02/04 9:14 a.m.•1 views

EUVD-2026-5512

Vulnrichment•added 2026/02/04 9:14 a.m.•2 views

CVE-2026-1622 Unredacted data exposure in query.log

CVE•added 2026/02/04 9:14 a.m.•7 views

CVE-2026-1622

Neo4j Enterprise and Community editions prior to 2026.01.3 and 5.26.21 are affected by CVE-2026-1622. The vulnerability stems from the obfuscate_literals setting in query logs failing to redact error information, allowing a user with access to local log files to view unredacted data when queries ...

Positive Technologies•added 2026/02/04 12:0 a.m.•3 views

PT-2026-6049

Name of the Vulnerable Software and Affected Versions Neo4j Enterprise and Community editions versions prior to 2026.01.3 and versions prior to 5.26.21 Description The obfuscate literals option in query logs does not redact error information, potentially exposing unredacted data when a query fail...

4.8CVSS5.4AI score0.00006EPSS

Exploits0References5

CNNVD•added 2026/02/04 12:0 a.m.•2 views

Neo4j Enterprise Edition和Neo4j Community Edition 安全漏洞

Neo4j Enterprise Edition and Neo4j Community Edition are both graph database products developed by the American company Neo4j. Versions of Neo4j Enterprise and Neo4j Community before 2026.01.3 and versions prior to 5.26.21 have security vulnerabilities. These vulnerabilities stem from incorrect...

4.8CVSS5.8AI score0.00006EPSS