CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

158 matches found

RedHat Linux•added 2026/03/05 1:16 p.m.•2 views

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.00678EPSS

Exploits3References5

Vulnrichment•added 2026/03/03 12:0 a.m.•5 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

6AI score0.00235EPSS

Exploits0References3

Vulnrichment•added 2026/02/19 12:0 a.m.•3 views

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

5.8AI score0.00481EPSS

Exploits1References2

SUSE CVE•added 2026/02/13 12:26 a.m.•5 views

SUSE CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

8.8CVSS6.5AI score0.00659EPSS

Exploits0References32

OSV•added 2026/02/12 2:16 p.m.•3 views

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.4AI score0.00678EPSS

Exploits3References1

RedhatCVE•added 2026/02/03 3:11 a.m.•5 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS5.5AI score0.00254EPSS

Exploits1References1

CNNVD•added 2026/02/02 12:0 a.m.•4 views

Subrion CMS 安全漏洞

Subrion CMS is a content management system CMS developed by the Subrion team, based on PHP. This system can be integrated into websites and supports various extension plugins. Version 4.2.1 of Subrion CMS has a security vulnerability, which stems from insufficient input validation for the dbuser,...

6.1CVSS5.6AI score0.00254EPSS

Exploits1References1

Positive Technologies•added 2026/02/02 12:0 a.m.•5 views

PT-2026-5704

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1 Description The installation module of Subrion CMS contains reflected cross-site scripting XSS flaws. These flaws allow attackers to execute arbitrary Javascript in the context of a user's browser. Exploitation occurs...

6.1CVSS5.4AI score0.00254EPSS

Exploits1References8

ATTACKERKB•added 2026/02/02 12:0 a.m.•2 views

CVE-2025-70958

5.5AI score0.00254EPSS

Exploits1References2

OSV•added 2026/01/07 7:29 p.m.•1 views

GHSA-CH7P-MPV4-4VG4 CoreShop Vulnerable to SQL Injection via Admin Reports

Affected Versions - CoreShop 4.1.2 Demo tested Demo | CoreShop - Earlier versions may also be affected if the same code path exists Summary A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...

4.9CVSS7.9AI score0.00391EPSS

Exploits1References4

EUVD•added 2025/12/02 9:31 p.m.•4 views

EUVD-2025-200322

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.7CVSS7.2AI score0.00288EPSS

Exploits0References2

OSV•added 2025/12/02 9:15 p.m.•1 views

CVE-2025-61940

8.8CVSS5.8AI score

Exploits0References1

NVD•added 2025/12/02 9:15 p.m.•2 views

CVE-2025-61940

8.8CVSS0.00288EPSS

Exploits0References1

OSV•added 2025/11/13 10:22 p.m.•2 views

GHSA-4JVF-WX3F-2X8Q AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

8.6CVSS6.8AI score0.00373EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2010-1641

Malware in sbrugna...

7.5CVSS6.1AI score0.0172EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2015-4862

Malware in sbrugna...

4.3CVSS7.4AI score0.02558EPSS

Exploits0References8