CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2026/04/07 6:4 p.m.•5 views

@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +5 more potentially affected by CVE-2026-34148 via @fedify/vocab-runtime (=2.1.0)

@fedify/vocab-runtime NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/vocab-runtime and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 - @fedify/fedify =2.1.0 -...

vulnersOsv•added 2026/04/07 6:4 p.m.•3 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.11) +6 more potentially affected by CVE-2026-34148 via @fedify/fedify (>=1.10.0 <=1.10.10)

@fedify/fedify NPM version =1.10.0, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2026-34148 Source advisory: OSV:GHSA-GM9M-GWC4-HWGP...

7.5CVSS5.4AI score0.00551EPSS

vulnersOsv•added 2026/04/07 6:4 p.m.•5 views

@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (=2.1.0)

@fedify/fedify NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 Source cves: CVE-2026-34148 Source advisory:...

vulnersOsv•added 2026/04/07 6:4 p.m.•7 views

@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +5 more potentially affected by CVE-2026-34148 via @fedify/vocab-runtime (=2.1.0)

vulnersOsv•added 2026/04/07 6:4 p.m.•3 views

@fedify/botkit (>=0.4.0-dev.182 <=0.4.0-dev.183), @fedify/botkit-sqlite (>=0.4.0-dev.182 <=0.4.0-dev.183) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (>=2.0.0 <=2.0.7)

@fedify/fedify NPM version =2.0.0, =0.4.0-dev.182, =0.4.0-dev.182, =2.0.0, =2.0.18 Source cves: CVE-2026-34148 Source advisory: SNYK:JS-FEDIFYFEDIFY-15928876...

7.5CVSS5.4AI score0.00551EPSS

vulnersOsv•added 2026/04/07 6:4 p.m.•4 views

@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (=2.1.0)

Tenable Nessus•added 2026/04/07 12:0 a.m.•3 views

Photon OS 5.0: Sqlite PHSA-2026-5.0-0802

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0802. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS5.6AI score0.00301EPSS

Tenable Nessus•added 2026/04/01 12:0 a.m.•1 views

Photon OS 4.0: Sqlite PHSA-2026-4.0-0989

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0989. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS5.6AI score0.00301EPSS

EUVD•added 2026/03/31 10:49 p.m.•6 views

EUVD-2026-17293

SciTokens is vulnerable to SQL Injection in KeyCache...

9.8CVSS6AI score0.00492EPSS

Exploits1References4

Github Security Blog•added 2026/03/31 10:49 p.m.•4 views

SciTokens is vulnerable to SQL Injection in KeyCache

Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...

9.8CVSS6.3AI score0.00492EPSS

Exploits1References5Affected Software1

Snyk•added 2026/03/31 3:10 a.m.•2 views

SQL Injection

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to SQL Injection via the KeyCache class. An attacker can execute arbitrary SQL commands against the local SQLite database by supplying crafted input to parameters such as issuer and...

9.8CVSS6.2AI score0.00492EPSS

ATTACKERKB•added 2026/03/31 1:31 a.m.•2 views

CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8CVSS6.1AI score0.00492EPSS

Exploits1References4Affected Software1

Photon•added 2026/03/31 12:0 a.m.•7 views

Important Photon OS Security Update - PHSA-2026-4.0-0989

Updates of 'sqlite' packages of Photon OS have been released...

7.5CVSS5.8AI score0.00301EPSS

Vulnrichment•added 2026/03/30 7:42 p.m.•3 views

CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS