EUVD-2023-2748
Malicious code in bioql PyPI...
EUVD-2022-44594
Malicious code in bioql PyPI...
EUVD-2025-21409
Malicious code in bioql PyPI...
EUVD-2022-33203
Malicious code in bioql PyPI...
EUVD-2024-3503
Malicious code in bioql PyPI...
EUVD-2024-0785
Malicious code in bioql PyPI...
EUVD-2025-4664
Malicious code in bioql PyPI...
EUVD-2021-31068
Malicious code in bioql PyPI...
EUVD-2024-0993
Malicious code in bioql PyPI...
EUVD-2023-34262
Malicious code in bioql PyPI...
EUVD-2022-41160
Malicious code in bioql PyPI...
EUVD-2025-0183
Malicious code in bioql PyPI...
EUVD-2023-43148
Malicious code in bioql PyPI...
CVE-2025-34227 Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection
Nagios XI 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system...
CVE-2025-10770 jeecgboot JimuReport MySQL JDBC testConnection deserialization
A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit ha...
SUSE CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-58443
Overview: CVE-2025-58443 affects FOGProject in versions ≤ 1.5.10.1673, with an authentication bypass that enables unauthenticated access and a full SQL database dump. What’s affected: Management/UI endpoints (notably /fog/management/export.php and related paths) exposing database contents and pot...
CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...
CVE-2025-9273
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
Important: Red Hat Security Advisory: sqlite security update
An update for sqlite is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...