CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

82290 matches found

UbuntuCve•added 2026/04/17 8:16 p.m.•8 views

CVE-2026-34232

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the iscargcstring type when decoding an opresponse packet, causing a server crash when one is encountered in the status vector. An...

7.5CVSS5.7AI score0.00466EPSS

Exploits1References2

OSV•added 2026/04/17 8:16 p.m.•3 views

UBUNTU-CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS5.7AI score0.00466EPSS

Exploits1References3

EUVD•added 2026/04/17 7:22 p.m.•5 views

EUVD-2026-23496

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...

9.9CVSS6.2AI score0.00692EPSS

Exploits1References4

ATTACKERKB•added 2026/04/17 7:22 p.m.•1 views

CVE-2026-40342

9.9CVSS6.2AI score0.00692EPSS

Exploits1References5Affected Software1

NVD•added 2026/04/17 7:16 p.m.•3 views

CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

7.5CVSS0.00543EPSS

Exploits1References4

NVD•added 2026/04/17 7:16 p.m.•6 views

CVE-2026-28212

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

7.5CVSS0.00503EPSS

Exploits1References4

NVD•added 2026/04/17 7:16 p.m.•1 views

CVE-2026-28214

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...

6.5CVSS0.01133EPSS

Exploits1References4

OSV•added 2026/04/17 7:16 p.m.•2 views

DEBIAN-CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

8.2CVSS5.3AI score0.00465EPSS

Exploits1References1

OSV•added 2026/04/17 7:16 p.m.•0 views

UBUNTU-CVE-2026-33337

7.5CVSS5.9AI score0.00543EPSS

Exploits1References3

OSV•added 2026/04/17 7:16 p.m.•2 views

UBUNTU-CVE-2026-28214

6.5CVSS5.8AI score0.01133EPSS

Exploits1References3

UbuntuCve•added 2026/04/17 7:16 p.m.•3 views

CVE-2026-28212

7.5CVSS5.8AI score0.00503EPSS

Exploits1References2

OSV•added 2026/04/17 7:16 p.m.•2 views

UBUNTU-CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

8.2CVSS5.7AI score0.00465EPSS

Exploits1References3

UbuntuCve•added 2026/04/17 7:16 p.m.•4 views

CVE-2026-33337

7.5CVSS5.9AI score0.00543EPSS

Exploits1References2