81898 matches found

OSV
added 2026/04/17 7:16 p.m. | views: 1

DEBIAN-CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

CVSS: 8.2 | AI score: 5.3 | EPSS: 0.00584
Exploits: 1 | References: 1
OSV
added 2026/04/17 7:16 p.m. | views: 2

UBUNTU-CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and...

CVSS: 8.2 | AI score: 5.7 | EPSS: 0.00586
Exploits: 1 | References: 3
UbuntuCve
added 2026/04/17 7:16 p.m. | views: 2

CVE-2026-28212

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info function, resulting in a null pointer dereference an...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00072
Exploits: 1 | References: 2
UbuntuCve
added 2026/04/17 7:16 p.m. | views: 2

CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00127
Exploits: 1 | References: 2
OSV
added 2026/04/17 7:16 p.m. | views: 2

UBUNTU-CVE-2026-28214

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00072
Exploits: 1 | References: 3
OSV
added 2026/04/17 7:16 p.m. | views: 0

UBUNTU-CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00127
Exploits: 1 | References: 3
EUVD
added 2026/04/17 6:59 p.m. | views: 3

EUVD-2026-23490

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00165
Exploits: 1 | References: 4
Cvelist
added 2026/04/17 6:59 p.m. | views: 28

CVE-2026-35215 Firebird: DoS via malicious slice descriptor in slice packet

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

CVSS: 7.5 | EPSS: 0.00165
Exploits: 1 | References: 4
ATTACKERKB
added 2026/04/17 6:52 p.m. | views: 0

CVE-2026-34232

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00165
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2026/04/17 6:48 p.m. | views: 2

EUVD-2026-23482

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00127
Exploits: 1 | References: 4
Debian CVE
added 2026/04/17 6:48 p.m. | views: 1

CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00127
Exploits: 1
Debian CVE
added 2026/04/17 6:38 p.m. | views: 2

CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and...

CVSS: 8.2 | AI score: 5.2 | EPSS: 0.00586
Exploits: 1
ATTACKERKB
added 2026/04/17 6:38 p.m. | views: 1

CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and...

CVSS: 8.2 | AI score: 5.7 | EPSS: 0.00586
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2026/04/17 6:38 p.m. | views: 2

EUVD-2026-23468

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and...

CVSS: 8.2 | AI score: 5.7 | EPSS: 0.00586
Exploits: 1 | References: 4
Debian CVE
added 2026/04/17 6:35 p.m. | views: 2

CVE-2026-28214

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00072
Exploits: 1
CVE
added 2026/04/17 6:35 p.m. | views: 5

CVE-2026-28214

CVE-2026-28214 affects Firebird DBMS. The issue is in the ClumpletReader::getClumpletSize() when parsing a Wide type clumplet, which can overflow totalLength and cause an infinite loop. An authenticated user with INSERT privileges on any table can trigger a denial of service via a crafted Batch P...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00072
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2026/04/17 6:16 p.m. | views: 1

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

CVSS: 7.9 | EPSS: 0.00032
Exploits: 0 | References: 2
UbuntuCve
added 2026/04/17 6:16 p.m. | views: 2

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

CVSS: 7.9 | AI score: 5.8 | EPSS: 0.00032
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/17 6:14 p.m. | views: 1

CVE-2026-27890 Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

CVSS: 8.2 | AI score: 5.7 | EPSS: 0.00584
Exploits: 1 | References: 4
CVE
added 2026/04/17 6:14 p.m. | views: 11

CVE-2026-27890

Firebird CVE-2026-27890 is a pre-auth DoS flaw. In versions prior to 5.0.4, 4.0.7 and 3.0.14, during authentication the server assumes CNCT_specific_data segments arrive in strictly ascending order. If segments arrive out of order, the Array.grow() method computes a negative size, causing a SIGSE...

CVSS: 8.2 | AI score: 5.7 | EPSS: 0.00584
Exploits: 1 | References: 4 | Affected Software: 1