CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6660 matches found

CVE-2026-56301

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6AI score0.00103EPSS

Exploits0References5Affected Software1

RedHat Linux•added 6 days ago•4 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

4.3CVSS5.8AI score0.00278EPSS

Exploits0References5

Positive Technologies•added 6 days ago•13 views

PT-2026-51509

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description When running the development server on Linux, the vite-node IPC Inter-Process Communication server binds to an abstract-namespace Unix socket without permission restriction...

6.8CVSS5.9AI score0.00103EPSS

Exploits0References11

Tenable Nessus•added 6 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-50555

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

8.6CVSS6AI score0.00167EPSS

Exploits0References3

Tenable Nessus•added 6 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-50170

8.2CVSS5.9AI score0.00303EPSS

Exploits0References3

Tenable Nessus•added 6 days ago•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54267

8.6CVSS5.9AI score0.00179EPSS

Exploits0References3

Tenable Nessus•added 6 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54266

8.8CVSS6AI score0.0009EPSS

Exploits0References3

Github Security Blog•added last week•7 views

Gogs has Stored XSS in `.ipynb` Preview

Summary Although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this process, links containing schemes such as javascript: can ...

8.9CVSS5.8AI score0.00429EPSS

Exploits0References5Affected Software1

Github Security Blog•added last week•6 views

Gogs has DoS in rendering issue index pattern

Summary Special template of issue index pattern may cause panic. Details in internal/markup/markup.go go link = fmt.Sprintf%s, com.Expandmetas"format", metas, m Issue index pattern is rendered to link with com.Expand. However, com.Expand is not safe. go i = strings.Indextemplate, "" if s, ok :=...

3.5CVSS5.8AI score0.00284EPSS

Exploits0References5Affected Software1

NVD•added last week•10 views

CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

6.1CVSS0.0016EPSS

Exploits1References1

NVD•added last week•8 views

CVE-2026-54299

Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages /404 or /500 using export const prerender = true fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming...

7.5CVSS0.00196EPSS

Exploits0References1

NVD•added last week•17 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS0.00177EPSS

Exploits1References1

OSV•added last week•5 views

DEBIAN-CVE-2026-50556

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

6.1CVSS5.9AI score0.00194EPSS

Exploits0References1

OSV•added last week•4 views

DEBIAN-CVE-2026-50555

6.1CVSS6AI score0.00167EPSS

Exploits0References1

NVD•added last week•10 views

CVE-2026-50556

8.6CVSS0.00194EPSS

Exploits0References3

NVD•added last week•10 views

CVE-2026-50555

8.6CVSS0.00167EPSS

Exploits0References2

NVD•added last week•9 views

CVE-2026-50170

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The...

8.2CVSS0.00303EPSS

Exploits0References2

OSV•added last week•4 views

DEBIAN-CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...

6.1CVSS5.8AI score0.00165EPSS

Exploits0References1

NVD•added last week•9 views

CVE-2026-46417

8.8CVSS0.00165EPSS

Exploits0References2

ATTACKERKB•added last week•4 views

CVE-2026-54299

7.5CVSS6AI score0.00196EPSS

Exploits0References2Affected Software1

Rows per page