Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12968 matches found

CVE
CVEadded 2026/03/12 7:14 p.m.5 views

CVE-2026-32248

Parse Server suffers an account takeover vulnerability (CVE-2026-32248) due to operator injection in the authentication data identifier. Before versions 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can crafted-login cause a pattern-matching query instead of an exact match, allowing them...

9.8CVSS5.8AI score0.001EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/12 7:14 p.m.1 views

CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...

9.3CVSS5.8AI score0.001EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/12 7:14 p.m.2 views

CVE-2026-32248

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...

9.3CVSS5.8AI score0.001EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linuxadded 2026/03/12 7:2 p.m.2 views

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.00039EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/03/12 7:2 p.m.0 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

8.8CVSS6.1AI score0.00059EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/03/12 7:2 p.m.0 views

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.00039EPSS
Exploits3References5
RedHat Linux
RedHat Linuxadded 2026/03/12 7:2 p.m.2 views

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS6.2AI score0.00059EPSS
Exploits3References4
RedHat Linux
RedHat Linuxadded 2026/03/12 6:8 p.m.0 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

8.8CVSS6.1AI score0.00059EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/03/12 6:8 p.m.0 views

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.00039EPSS
Exploits3References5
RedHat Linux
RedHat Linuxadded 2026/03/12 6:8 p.m.2 views

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS6.2AI score0.00059EPSS
Exploits3References4
RedHat Linux
RedHat Linuxadded 2026/03/12 6:8 p.m.0 views

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.00039EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/12 4:37 p.m.1 views

EUVD-2026-11342

Parse Server has a SQL injection via query field name when using PostgreSQL...

5.1CVSS5.8AI score0.00043EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2026/03/12 4:37 p.m.7 views

Parse Server has a SQL injection via query field name when using PostgreSQL

Impact An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a $regex query operator is passed to PostgreSQL using unparameterized string interpolation...

5.1CVSS5.8AI score0.00043EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/03/12 4:37 p.m.1 views

GHSA-C442-97QW-J6C6 Parse Server has a SQL injection via query field name when using PostgreSQL

Impact An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a $regex query operator is passed to PostgreSQL using unparameterized string interpolation...

5.1CVSS5.8AI score0.00043EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/03/12 4:33 p.m.1 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

8.8CVSS6.1AI score0.00059EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/03/12 4:33 p.m.2 views

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.00039EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/03/12 4:33 p.m.0 views

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.00039EPSS
Exploits3References5
RedHat Linux
RedHat Linuxadded 2026/03/12 4:33 p.m.2 views

postgresql: PostgreSQL oidvector discloses a few bytes of memory

A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely...

4.3CVSS5.7AI score0.00023EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/03/12 4:33 p.m.2 views

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

8.8CVSS6.2AI score0.00059EPSS
Exploits3References5
RedHat Linux
RedHat Linuxadded 2026/03/12 4:20 p.m.0 views

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.00039EPSS
Exploits0References5
Rows per page
Query Builder