CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

EUVD-2026-36552

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS5.4AI score0.00226EPSS

Exploits0References1

Cvelist•added 6 days ago•24 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS0.00207EPSS

Exploits0References1

CNNVD•added 6 days ago•3 views

Cerebrate 安全漏洞

Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there were security vulnerabilities. These vulnerabilities stemmed from CRUD editing...

6.3CVSS5.3AI score0.00207EPSS

Exploits0References1

OSV•added 2026/06/08 1:54 p.m.•4 views

JLSEC-2026-607

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:17 p.m.•6 views

CVE-2026-6637

8.8CVSS6.4AI score0.00378EPSS

Exploits0References1

NVD•added 2026/06/04 12:16 p.m.•9 views

CVE-2026-4104

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

9.8CVSS0.00292EPSS

Exploits0References1

Cvelist•added 2026/06/04 11:14 a.m.•34 views

CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass

9.8CVSS0.00292EPSS

Exploits0References1

CVE•added 2026/06/04 11:14 a.m.•8 views

CVE-2026-4104

TeknoPass (Akmer Informatics) is affected by CVE-2026-4104 due to an Authorization bypass that relies on a user-controlled SQL primary key, enabling SQL injection. Affected period is 20210501–20260429. The available documents specify the vulnerability type and affected product but do not provide ...

9.8CVSS5.9AI score0.00292EPSS

Exploits0References1

ATTACKERKB•added 2026/06/04 11:14 a.m.•3 views

CVE-2026-4104

9.8CVSS5.9AI score0.00292EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/06/04 12:0 a.m.•2 views

Akmer TeknoPass SQL注入漏洞

Akmer TeknoPass is an intelligent parking and access control system developed by the Turkish company Akmer. The versions from 20210501 to 20260429 of Akmer TeknoPass have a SQL injection vulnerability. This vulnerability arises from bypassing authorization through a user-controlled SQL primary ke...

9.8CVSS5.7AI score0.00292EPSS

Exploits0References1

CVE•added 2026/05/20 6:39 p.m.•12 views

CVE-2026-9136

CVE-2026-9136 affects the ShadowAttribute proposal creation workflow in MISP. An add action accepted client-supplied ShadowAttribute data without stripping the id field, allowing an authenticated user to supply the identifier of an existing ShadowAttribute and cause an update instead of creating ...

8.3CVSS5.7AI score0.00229EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/20 6:39 p.m.•6 views

EUVD-2026-31151

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.7AI score0.00229EPSS

Exploits0References1

OSV•added 2026/05/18 5:53 a.m.•2 views

BIT-POSTGRESQL-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection

8.8CVSS6.4AI score0.00378EPSS

Exploits0References2

Snyk•added 2026/05/14 3:23 p.m.•5 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the refint process. An attacker can execute arbitrary code as the operating system user running the database or execute arbitrary SQL as the database user performing a primary key update by providing...

8.8CVSS6.2AI score0.00378EPSS

Exploits0References2

UbuntuCve•added 2026/05/14 2:16 p.m.•5 views

CVE-2026-6637

8.8CVSS6.4AI score0.00378EPSS

Exploits0References4

OSV•added 2026/05/14 2:16 p.m.•2 views

UBUNTU-CVE-2026-6637

8.8CVSS6.4AI score0.00378EPSS

Exploits0References5

Cvelist•added 2026/05/14 1:0 p.m.•38 views

CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection

8.8CVSS0.00378EPSS

Exploits0References1

ATTACKERKB•added 2026/05/14 1:0 p.m.•6 views

CVE-2026-6637

8.8CVSS6.4AI score0.00378EPSS

Exploits0References2

EUVD•added 2026/05/14 1:0 p.m.•5 views

EUVD-2026-30291

8.8CVSS6.4AI score0.00378EPSS

Exploits0References1

CVE•added 2026/05/14 1:0 p.m.•29 views

CVE-2026-6637

The CVE-2026-6637 issue affects PostgreSQL’s refint module, causing a stack buffer overflow that could allow an unprivileged database user to execute arbitrary OS-level code running the database. A separate attack path exists when an application exposes a user-controlled column as a refint cascad...

8.8CVSS6.4AI score0.00378EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by