CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

ATTACKERKB•added 2026/05/13 4:48 p.m.•5 views

CVE-2026-44573

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...

7.5CVSS5.8AI score0.00052EPSS

Exploits1References2Affected Software1

CVE•added 2026/05/13 4:48 p.m.•12 views

CVE-2026-44573

CVE-2026-44573 affects Next.js (Pages Router with i18n). From 12.2.0 up to but not including 15.5.16 and 16.2.5, middleware/proxy-based authorization can be bypassed for locale-less /_next/data//.json requests, allowing retrieval of SSR JSON for protected pages without authorization checks. The u...

7.5CVSS5.8AI score0.00052EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/05/13 4:48 p.m.•24 views

CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n

7.5CVSS0.00052EPSS

Exploits1References1

Positive Technologies•added 2026/05/08 12:0 a.m.•7 views

PT-2026-39269

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI fails to apply the REDIS KEY PREFIX to the tool servers and terminal servers keys within the utils/tools.py file. In deployments where multiple instances share a single Redis...

8.7CVSS5.8AI score0.00037EPSS

Exploits1References6

RedhatCVE•added 2025/12/11 11:4 p.m.•1 views

CVE-2025-66400

A flaw was found in mdast-util-to-hast. This vulnerability allows rendered user supplied markdown Markdown code elements to appear like the rest of the page via character references. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Re...

6.9CVSS6AI score0.00086EPSS

Exploits0References6

Veracode•added 2025/12/11 6:58 p.m.•2 views

Improper Input Sanitization

mdast-util-to-hast is vulnerable to Improper Input Sanitization. The vulnerability is due to the utility allowing multiple unprefixed classnames to be injected via character references in markdown, which allows an attacker to disguise malicious code elements so they appear as trusted parts of the...

6.9CVSS6.9AI score0.00086EPSS

Exploits0References4Affected Software1

OSV•added 2025/12/02 1:25 a.m.•2 views

GHSA-4FH9-H7WG-Q85M mdast-util-to-hast has unsanitized class attribute

Impact Multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. The following markdown: markdown jsxss Would create If your page then applied .xss classes or...

6.9CVSS5.8AI score0.00086EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-30090

Malicious code in bioql PyPI...

9.8CVSS7.9AI score0.00039EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 3:28 a.m.•3 views

CVE-2023-26266

In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution...

7.3CVSS7.1AI score0.00039EPSS

Exploits1References1