
137 matches found

SUSE CVE
added 2026/05/20 3:2 a.m. | 1 views

SUSE CVE-2025-6037

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/certcertificate). In this configuration, an attacker may be able to...

CVSS 6.8 | AI score 6 | EPSS 0.00201
Exploits: 0 | References: 3
RedhatCVE
added 2026/05/14 7:58 p.m. | 8 views

CVE-2026-44204

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 1
Snyk
added 2026/05/12 9:0 p.m. | 8 views

SQL Injection

Overview: @n8n/api-types is a fair-code workflow automation platform with native AI capabilities. Affected versions of this package are vulnerable to SQL Injection in the process of importing a Data Table JSON file during a Source Control Pull operation. An attacker who can write to the git...

CVSS 7.5 | AI score 6
Exploits: 0 | References: 2
NVD
added 2026/05/12 6:17 p.m. | 8 views

CVE-2026-44204

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | EPSS 0.00043
Exploits: 0 | References: 2
EUVD
added 2026/05/12 5:45 p.m. | 4 views

EUVD-2026-29728

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 2
Cvelist
added 2026/05/12 5:45 p.m. | 27 views

CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | EPSS 0.00043
Exploits: 0 | References: 2
CVE
added 2026/05/12 5:45 p.m. | 8 views

CVE-2026-44204

Shelf is a platform for tracking physical assets. CVE-2026-44204 describes a SQL injection in the sortBy query parameter on the /assets route affecting versions 1.12 up to before 1.20.1. An authenticated user (any role) could execute arbitrary SQL and read data from any table, including data belo...

CVSS 6.5 | AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 2
SUSE CVE
added 2026/05/12 3:58 a.m. | 3 views

SUSE CVE-2025-6004

Vault and Vault Enterprise's (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVSS 5.3 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/12 12:0 a.m. | 7 views

PT-2026-40333

Name of the Vulnerable Software and Affected Versions: Shelf versions 1.12 through 1.20.0. Description: An issue in the '/assets' route allows authenticated users of any role to execute arbitrary SQL commands and access data from any database table, including information from other organizations. Th...

CVSS 6.5 | AI score 6.1 | EPSS 0.00043
Exploits: 0 | References: 6
Tenable Nessus
added 2026/04/09 12:0 a.m. | 5 views

Oracle Linux 8 : nginx:1.24 (ELSA-2026-6907)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6907 advisory. - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves:...

CVSS 8.8 | AI score 7.6 | EPSS 0.944
Exploits: 29 | References: 5
vulnersOsv
added 2026/03/31 10:34 p.m. | 1 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +368 more potentially affected by CVE-2026-27489 via onnx (>=1.10.1 <=1.20.1)

onnx PYPI version =1.10.1, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.11.2 - amf-fast-inference =0.0.3 - anomavision =3.0.10 and more Source cves: CVE-2026-27489 Source advisory: SNYK:PYTHON-ONNX-15870164...

CVSS 8.7 | AI score 5.8 | EPSS 0.00031
Exploits: 1
Tenable Nessus
added 2026/03/24 12:0 a.m. | 2 views

Oracle Linux 8 : nginx:1.24 (ELSA-2026-5581)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5581 advisory. - Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 - Resolves: RHEL-12728 -...

CVSS 8.2 | AI score 7 | EPSS 0.944
Exploits: 29 | References: 2
OSV
added 2026/03/18 2:16 a.m. | 4 views

PYSEC-2026-103

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVSS 9.1 | AI score 5.7 | EPSS 0.00011
Exploits: 0 | References: 2
CNNVD
added 2026/03/18 12:0 a.m. | 4 views

ONNX Security Vulnerability

ONNX (Open Neural Network Exchange) is an open standard for machine learning interoperability, developed under the ONNX open source framework. Versions of ONNX prior to 1.20.1 contain security vulnerabilities. These vulnerabilities stem from improper logic in the repository trust verification...

CVSS 9.1 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-28500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass...

CVSS 9.1 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/11 7:8 a.m. | 2 views

CVE-2026-30870

PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1
NVD
added 2026/03/10 5:40 p.m. | 1 views

CVE-2026-30870

PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...

CVSS 6.5 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2026/03/09 10:31 p.m. | 0 views

EUVD-2026-10416

PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/09 10:31 p.m. | 1 views

CVE-2026-30870

PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 2 | Affected Software: 3
OSV
added 2026/03/09 10:31 p.m. | 1 views

CVE-2026-30870 Some sync filters in PowerSync Service ignored using `config.edition: 3`

PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 3