
13195 matches found

Cvelist
added 2026/06/10 5:16 p.m. | 29 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8 CVSS | 0.10035 EPSS
Exploits 2 | References 1

Vulnrichment
added 2026/06/10 5:16 p.m. | 6 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8 CVSS | 5.9 AI score | 0.10035 EPSS
Exploits 2 | References 1

CVE
added 2026/06/10 5:16 p.m. | 162 views

CVE-2026-20253

Summary: CVE-2026-20253 affects Splunk Enterprise and Splunk Cloud Platform due to an unauthenticated PostgreSQL sidecar service endpoint that can create or truncate arbitrary files when exposed on the network. Affected software/versions (per sources): Splunk Enterprise < 10.2.4 and < 10.0....

9.8 CVSS | 5.8 AI score | 0.10035 EPSS
In wild | Exploits 2 | References 3 | Affected Software 1

RedhatCVE
added 2026/06/10 2:59 p.m. | 7 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6 CVSS | 5.5 AI score | 0.0029 EPSS
Exploits 0 | References 1

NVD
added 2026/06/10 2:16 p.m. | 8 views

CVE-2026-52758

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the...

8.8 CVSS | 0.00309 EPSS
Exploits 0 | References 2

NVD
added 2026/06/10 2:16 p.m. | 10 views

CVE-2026-49498

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8 CVSS | 0.00259 EPSS
Exploits 0 | References 2

Cvelist
added 2026/06/10 12:42 p.m. | 37 views

CVE-2026-52758 Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the...

8.8 CVSS | 0.00309 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/06/10 12:42 p.m. | 5 views

CVE-2026-52758 Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the...

8.8 CVSS | 5.8 AI score | 0.00309 EPSS
Exploits 0 | References 2

EUVD
added 2026/06/10 12:42 p.m. | 8 views

EUVD-2026-36017

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the...

8.8 CVSS | 5.8 AI score | 0.00309 EPSS
Exploits 0 | References 2

CVE
added 2026/06/10 12:42 p.m. | 24 views

CVE-2026-52758

Summary: Ghidra before 12.1 suffers a SQL injection in the BSim filter types where user-supplied values are directly concatenated into SQL queries without escaping or parameterization. This enables remote attackers to inject arbitrary SQL via the BSim network query protocol, potentially reading, ...

8.8 CVSS | 5.8 AI score | 0.00309 EPSS
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/06/10 12:38 p.m. | 8 views

EUVD-2026-36007

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8 CVSS | 5.7 AI score | 0.00259 EPSS
Exploits 0 | References 2

Cvelist
added 2026/06/10 12:38 p.m. | 32 views

CVE-2026-49498 Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8 CVSS | 0.00259 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/06/10 12:38 p.m. | 5 views

CVE-2026-49498 Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8 CVSS | 5.7 AI score | 0.00259 EPSS
Exploits 0 | References 2

CVE
added 2026/06/10 12:38 p.m. | 14 views

CVE-2026-49498

Ghidra 11.0 before 12.1 is affected by a SQL injection in PostgresFunctionDatabase.changePassword(), which fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can craft username parameters in PasswordChange network messages to inject SQL com...

8.8 CVSS | 5.7 AI score | 0.00259 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/06/10 10:8 a.m. | 10 views

RHSA-2026:25030 Red Hat Security Advisory: postgresql-jdbc security update

Bulletin has no description...

7.5 CVSS | 5.2 AI score | 0.00445 EPSS
Exploits 0 | References 9

RedHat Linux
added 2026/06/10 9:58 a.m. | 10 views

Important: Red Hat Security Advisory: postgresql-jdbc security update

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.5 CVSS | 7.2 AI score | 0.00445 EPSS
Exploits 0 | References 2

RedHat Linux
added 2026/06/10 9:58 a.m. | 6 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 (Salted Challenge Response Authentication Mechanism, Secure Hash Algorithm 256) authentication with an excessively large iteration...

7.5 CVSS | 7.1 AI score | 0.00445 EPSS
Exploits 0 | References 6

CNNVD
added 2026/06/10 12:0 a.m. | 7 views

NSA Ghidra SQL injection vulnerability

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a SQL injection vulnerability. This vulnerability stemmed from the changePassword method of the...

8.8 CVSS | 5.7 AI score | 0.00259 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/06/10 12:0 a.m. | 11 views

PT-2026-48409

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8 CVSS | 5.7 AI score | 0.00259 EPSS
Exploits 0 | References 3

Oracle linux
added 2026/06/10 12:0 a.m. | 6 views

postgresql-jdbc security update

42.2.14-4 - Limit SCRAM PBKDF2 iterations to prevent DoS via malicious server - Resolves: CVE-2026-42198...

7.5 CVSS | 7.2 AI score | 0.00445 EPSS
Exploits 0