CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the req function. An attacker can access internal services and sensitive cloud metadata by leveraging HTTP redirects through an attacker-controlled server,...

7.7CVSS5.8AI score0.00258EPSS

Exploits0References2

GithubExploit•added 2026/05/15 5:14 p.m.•100 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

nextjs-cve-2026-44578 Nuclei templates for detecting...

8.6CVSS5.8AI score0.37756EPSS

Exploits9

NVD•added 2026/05/15 4:16 p.m.•9 views

CVE-2026-2031

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to...

10CVSS0.00514EPSS

Exploits0References1

CVE•added 2026/05/15 3:38 p.m.•26 views

CVE-2026-2031

The CVE-2026-2031 entry describes an improper access control vulnerability in several internal API endpoints of Google Cloud Application Integration (prior to 2026-01-23). An unauthenticated remote attacker can disclose sensitive internal information and execute arbitrary code by sending speciall...

10CVSS6AI score0.00514EPSS

Exploits0References1

ATTACKERKB•added 2026/05/15 3:38 p.m.•6 views

CVE-2026-2031

10CVSS6AI score0.00514EPSS

Exploits0References2

Cvelist•added 2026/05/15 3:38 p.m.•40 views

CVE-2026-2031 Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.

10CVSS0.00514EPSS

Exploits0References1

Vulnrichment•added 2026/05/15 3:38 p.m.•13 views

CVE-2026-2031 Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.

10CVSS6AI score0.00514EPSS

Exploits0References1

IBM Security Bulletins•added 2026/05/15 3:9 p.m.•14 views

Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1

Summary Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1 Vulnerability Details CVEID:CVE-2024-50379 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on...

9.8CVSS7.2AI score0.66933EPSS

Exploits18Affected Software1

IBM Security Bulletins•added 2026/05/15 2:46 p.m.•10 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerabilities in IBM® Db2® 12.1.3 and earlier affect IBM® Db2® Big SQL on IBM Cloud Pak for Data 5.3 and earlier. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remot...

8.4CVSS7AI score0.02015EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/15 2:43 p.m.•9 views

Security Bulletin: A vulnerability in the minimatch package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the minimatch package affects IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

8.7CVSS6.6AI score0.00519EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/15 2:40 p.m.•11 views

Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 a...

7.5CVSS7AI score0.01242EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/15 2:25 p.m.•10 views

Security Bulletin: A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL 8 and ealier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1....

9.8CVSS7.1AI score0.00611EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/15 2:21 p.m.•9 views

Security Bulletin: A vulnerability in the qs package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the qs package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled,...

7.5CVSS7.1AI score0.00478EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/15 2:15 p.m.•16 views

Security Bulletin: Multiple vulnerability in IBM Db2 affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerability in IBM Db2 affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and ealier. Vulnerability Details CVEID:CVE-2025-36247 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is...

8.2CVSS5.8AI score0.00296EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/15 2:10 p.m.•11 views

Security Bulletin: A vulnerability in package Lodash affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in OpenSSL affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacke...

8.2CVSS6.6AI score0.00317EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/05/15 1:57 p.m.•8 views

CVE-2026-34263

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

9.6CVSS6AI score0.0061EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by