193 matches found
CVE-2026-27005
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows...
[SECURITY] Fedora 43 Update: coturn-4.9.0-1.fc43
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...
GHSA-45RP-9P97-H852 NocoDB Vulnerable to SQL Injection via DATEADD Formula
Summary: An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details: The third argument (unit) of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...
CVE-2026-23984
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...
CVE-2026-23984 Apache Superset: SQLLab Read-Only Bypass on PostgreSQL
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...
CVE-2025-67304
In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...
CVE-2025-69662
CVE-2025-69662 is a SQL injection vulnerability in geopandas prior to v1.1.2. The issue arises when using the to_postgis() function to write GeoDataFrames to a PostgreSQL database, enabling an attacker to obtain sensitive information. The CVSS v3.1 score is 8.6 (HIGH) with network attack vector a...
CVE-2025-69662
SQL injection vulnerability in geopandas before v1.1.2 allows an attacker to obtain sensitive information via the to_postgis function being used to write GeoDataFrames to a PostgreSQL database...
Geopandas security vulnerabilities
Geopandas is an open-source Python tool for processing geospatial data. Versions of geopandas prior to 1.1.2 contained a security vulnerability. This vulnerability stemmed from a flaw in the to_postgis function, which could allow attackers to access sensitive information when writing GeoDataFrames...
CVE-2025-69285
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...
CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...
EUVD-2025-206314
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...
CVE-2025-69285
SQLBot prior to v1.5.0 is affected by an authentication bypass in the /api/v1/datasource/uploadExcel endpoint. The endpoint is whitelisted, allowing remote unauthenticated uploads of Excel/CSV files, which are parsed and inserted into PostgreSQL via to_sql() with if_exists='replace'. This enables...
PT-2026-3155
Name of the Vulnerable Software and Affected Versions: Odine Solutions GateKeeper version 1.0. Description: The software contains a SQL injection issue in the trafficCycle API endpoint. Remote attackers can inject malicious database queries by sending crafted payloads to the /rass/api/v1/trafficCycl...
CVE-2025-1708
The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...