CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5376 matches found

ATTACKERKB•added 2026/02/09 6:49 p.m.•4 views

CVE-2026-25480

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

6.5CVSS5.6AI score0.00412EPSS

Exploits1References5Affected Software1

OSV•added 2026/02/09 6:49 p.m.•5 views

CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

6.5CVSS5.7AI score0.00412EPSS

Exploits1References6

CVE•added 2026/02/09 6:49 p.m.•10 views

CVE-2026-25480

Litestar prior to 2.20.0 uses FileStore cache keys derived from Unicode NFKD normalization and ord() substitution without separators, enabling cache key collisions when used as a response-cache backend. An unauthenticated remote attacker can craft paths to trigger collisions, causing one URL to s...

6.5CVSS5.6AI score0.00412EPSS

Exploits1References4Affected Software1

OSV•added 2026/02/09 5:19 p.m.•4 views

GHSA-VXQX-RH46-Q2PG Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

Summary FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remote attacker can trigger cache key collisions via crafted paths, causing one UR...

6.5CVSS5.7AI score0.00412EPSS

Exploits1References6

Github Security Blog•added 2026/02/09 5:19 p.m.•7 views

Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

6.5CVSS5.7AI score0.00412EPSS

Exploits1References6Affected Software1

RedhatCVE•added 2026/02/07 7:31 p.m.•4 views

CVE-2026-1337

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...

5.4CVSS5.2AI score0.002EPSS

Exploits2References1

Snyk•added 2026/02/06 3:31 p.m.•1 views

Improper Output Neutralization for Logs

Overview org.neo4j:neo4j is a Neo4j is a graph database management system developed by Neo4j, Inc. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs due to insufficient escaping of unicode characters in query.log output. A user can inject a malicious log...

5.4CVSS5.5AI score0.002EPSS

Exploits2References2

Github Security Blog•added 2026/02/06 3:31 p.m.•6 views

Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log

5.4CVSS5.2AI score0.002EPSS

Exploits2References3Affected Software1

OSV•added 2026/02/06 3:31 p.m.•4 views

GHSA-XR72-G735-4VWP Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log

2CVSS5.2AI score0.002EPSS

Exploits2References3

OSV•added 2026/02/06 2:16 p.m.•6 views

CVE-2026-1337

5.4CVSS5.8AI score0.002EPSS

Exploits2References1

NVD•added 2026/02/06 2:16 p.m.•6 views

CVE-2026-1337

5.4CVSS0.002EPSS

Exploits2References1

ATTACKERKB•added 2026/02/06 1:13 p.m.•6 views

CVE-2026-1337

2CVSS5.2AI score0.002EPSS

Exploits2References1

EUVD•added 2026/02/06 1:13 p.m.•5 views

EUVD-2026-5683

2CVSS5.2AI score0.002EPSS

Exploits2References1

Vulnrichment•added 2026/02/06 1:13 p.m.•5 views

CVE-2026-1337 Insufficient escaping of unicode characters in query log

2CVSS5.2AI score0.002EPSS

Exploits2References1

Cvelist•added 2026/02/06 1:13 p.m.•28 views

CVE-2026-1337 Insufficient escaping of unicode characters in query log

2CVSS0.002EPSS

Exploits2References1

CVE•added 2026/02/06 1:13 p.m.•19 views

CVE-2026-1337

Neo4j Enterprise and Community editions prior to 2026.01 are affected by CVE-2026-1337 due to insufficient escaping of Unicode in the query log, enabling potential XSS if logs are opened by a tool that treats them as HTML. The advisory states there is no intrinsic security impact on Neo4j product...

5.4CVSS5.2AI score0.002EPSS

Exploits2References1Affected Software1

AlpineLinux•added 2026/02/06 1:13 p.m.•3 views

CVE-2026-1337

5.4CVSS5.5AI score0.002EPSS

Exploits2References1

CNNVD•added 2026/02/06 12:0 a.m.•3 views

Neo4j 安全漏洞

Neo4j is a Java-based graph database developed by the American company Neo4j Inc. It is fully compatible with ACID standards and supports data migration and add-ons. Versions of Neo4j Enterprise and Neo4j Community prior to version 2026.01 contained security vulnerabilities. These vulnerabilities...

5.4CVSS5.7AI score0.002EPSS

Exploits2References1

Positive Technologies•added 2026/02/06 12:0 a.m.•4 views

PT-2026-6724

Name of the Vulnerable Software and Affected Versions Neo4j versions prior to 2026.01 Description A lack of proper unicode character escaping in the query log functionality can result in cross-site scripting XSS if logs are opened in a tool that interprets them as HTML. The issue is present in bo...

5.4CVSS5AI score0.002EPSS

Exploits2References6

Tenable Nessus•added 2026/02/06 12:0 a.m.•2 views

SUSE SLES16 Security Update : glib2 (SUSE-SU-2026:20221-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20221-1 advisory. - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. -...

5.4CVSS6.1AI score0.00396EPSS

Exploits1References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by