CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/06 5:21 p.m.•5 views

CVE-2026-29090

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/06 5:21 p.m.•5 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

CVE•added 2026/05/06 5:21 p.m.•10 views

CVE-2026-29090

Rucio contains a SQL injection in FilterEngine.create_postgres_query() when the postgres_meta metadata plugin is configured. Attacker-controlled filter keys/values are interpolated into raw SQL via Python .format() and passed to psycopg3.sql.SQL(), enabling arbitrary SQL against the PostgreSQL me...

Exploits0References1Affected Software1

Cvelist•added 2026/05/06 5:21 p.m.•40 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

9CVSS0.00301EPSS

OSV•added 2026/05/06 4:44 p.m.•1 views

GHSA-6J7P-QJHG-9947 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS6.8AI score0.00301EPSS

Exploits0References3

Snyk•added 2026/05/06 4:44 p.m.•9 views

SQL Injection

Overview rucio is a Rucio Package Affected versions of this package are vulnerable to SQL Injection via the createpostgresquery function when attacker-controlled filter keys and values are interpolated directly into raw SQL statements through the DID search endpoint. An attacker can execute...

9.9CVSS6.7AI score0.00301EPSS

Github Security Blog•added 2026/05/06 4:44 p.m.•5 views

Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

9CVSS6.8AI score0.00301EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/06 12:0 a.m.•6 views

PT-2026-38087

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create postgres query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search...

EUVD•added 2026/05/05 8:9 p.m.•1 views

EUVD-2026-26247

pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS...

7.5CVSS5.8AI score0.00445EPSS

Exploits0References3

OSSF Malicious Packages•added 2026/04/29 10:0 a.m.•6 views

Malicious code in @cap-js/postgres (npm)

Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...

5.6AI score

OSV•added 2026/04/29 10:0 a.m.•4 views

MAL-2026-3177 Malicious code in @cap-js/postgres (npm)

5.7AI score

OSV•added 2026/04/28 12:0 a.m.•2 views

OPENSUSE-SU-2026:10644-1 prometheus-postgres_exporter-0.10.1-6.1 on GA media

These are all security issues fixed in the prometheus-postgresexporter-0.10.1-6.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7AI score0.05994EPSS

Tenable Nessus•added 2026/04/23 12:0 a.m.•10 views

Veeam Backup and Replication 12.x < 12.3.2.4465 Multiple Vulnerabilities (KB4830)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.2.4465. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allowing an authenticated domain user to perform remote code execution RCE on the Backup Server...

9.9CVSS8.8AI score0.01128EPSS

Exploits0References7

RedhatCVE•added 2026/04/22 10:58 a.m.•3 views

CVE-2026-40906

A flaw was found in ElectricSQL, a Postgres sync engine. An authenticated user could exploit an error-based SQL injection vulnerability in the /v1/shape API's orderby parameter. This flaw allows an attacker to read, write, and destroy the full contents of the underlying PostgreSQL database. Such ...

9.9CVSS5.8AI score0.00405EPSS

Exploits1References5

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-37159

Name of the Vulnerable Software and Affected Versions pgx versions prior to 5.9.2 Description SQL injection can occur when the non-default simple protocol is used in conjunction with a dollar quoted string literal in the SQL query. If that string literal contains text that would be interpreted as...

9.8CVSS5.8AI score0.00559EPSS

Exploits0References136

Cvelist•added 2026/04/21 8:5 p.m.•28 views

CVE-2026-40906 Electric: SQL Injection via ORDER BY Parameter in Shape API

Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the orderby parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted...

9.9CVSS0.00405EPSS

Exploits1References2

SUSE Linux•added 2026/04/21 9:20 a.m.•4 views

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.1.13-0 Update translation strings uyuni-tools: Version 5.1.26-0 Fix applying PTF with images from RPMs bsc1252548 Ssl Key file can miss if CA password is blank bsc1254154 mgrpxy ssh tuning should happens before crypto policies bsc1254619...

8.7CVSS5.7AI score0.00375EPSS

Exploits0References36

CNNVD•added 2026/04/21 12:0 a.m.•6 views

OpenBao SQL注入漏洞

OpenBao is an open-source sensitive data management software developed by OpenBao. Versions of OpenBao prior to 2.5.3 had a SQL injection vulnerability. This vulnerability occurred when revoking role permissions in the PostgreSQL database key engine, where the correct database reference was not...

4.9CVSS5.8AI score0.00235EPSS