CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

223 matches found

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: ftsteutates Fixed the TOCTOU race condition in ftsread In the ftsread function, when handling hwmonpwmautochannelstemp, the code accesses the shared variable data-fansourcechannel twice without holding any locks. This chec...

4.7CVSS6.2AI score0.00101EPSS

Exploits0References2

Snyk•added 2026/06/09 8:24 p.m.•7 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the fts5ChunkIterate function in the FTS5 full-text search extension. An attacker can cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata that...

8.5CVSS6.2AI score0.00175EPSS

Exploits0References2

OSV•added 2026/06/09 8:16 p.m.•4 views

UBUNTU-CVE-2026-11824

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

8.5CVSS6.3AI score0.00175EPSS

Exploits0References4

AlpineLinux•added 2026/06/09 7:21 p.m.•8 views

CVE-2026-11824

8.5CVSS6.2AI score0.00175EPSS

Exploits0References4

Cvelist•added 2026/06/09 7:8 p.m.•38 views

CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

8.5CVSS0.00175EPSS

Exploits0References4

CVE•added 2026/06/09 7:8 p.m.•67 views

CVE-2026-11822

SQLite before 3.53.2 is affected by memory corruption in the FTS5 extension. A crafted database with malformed FTS5 page data can trigger an out-of-bounds read in fts5LeafSeek via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate via a crafted continuation pag...

8.5CVSS6.5AI score0.00175EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 2026/05/11 12:0 a.m.•7 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017691)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017691 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior...

4.9CVSS6.8AI score0.02621EPSS

Exploits0References4

Tenable Nessus•added 2026/03/28 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2025-59031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip- style attachments. Attacker can use specially crafted...

4.3CVSS5.8AI score0.00283EPSS

Exploits0References3

OSV•added 2026/03/26 10:38 a.m.•4 views

SUSE-SU-2026:1065-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension bsc1254670. - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation bsc1259619. Changelog: Fix the WAL-reset database...

7.5CVSS5.9AI score0.00322EPSS

Exploits1References5

Tenable Nessus•added 2026/02/12 12:0 a.m.•4 views

SUSE SLED15: libsqlite3-0 / libsqlite3-0-32bit / sqlite3 / sqlite3-devel / etc (SUSE-SU-2026:0432-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0432-1 advisory. - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. bsc1254670 Tenable...

6.9CVSS5.9AI score0.00322EPSS

Exploits0References5

Tenable Nessus•added 2026/01/13 12:0 a.m.•5 views

MiracleLinux 8 : mysql:8.0 (AXSA:2025-9705:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9705:01 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...

9.1CVSS7.4AI score0.16212EPSS

Exploits3References50

RedhatCVE•added 2026/01/07 9:39 a.m.•7 views

CVE-1999-0761

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program...

7.2CVSS7.1AI score0.00358EPSS

Exploits0References1

SUSE CVE•added 2025/12/11 12:47 a.m.•8 views

SUSE CVE-2025-7709

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

5.4CVSS6.8AI score0.00322EPSS

Exploits0References11

Snyk•added 2025/12/02 6:39 a.m.•5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the validatequery routine used for FTS5 query validation. The regular expression used to tokenize user-supplied search strings contains nested repetition, allowing crafted input to trigger...

6.9CVSS6.6AI score

Exploits0References3