CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в cyrus-sasl2

In Cyrus SASL 2.1.17 through 2.1.27 up to 2.1.28, the plugins/sql.c file does not escape the password used in SQL INSERT or UPDATE statements...

8.8CVSS7.2AI score0.00431EPSS

OSV•added 2026/05/19 2:35 p.m.•3 views

GHSA-24C8-4792-22HX Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString

Summary ArrayFunctions.InsertAt in Scriban allocates index - list.Count null entries in a tight C for loop with no bound on index. The function is exposed to template authors as array.insertat, and the fill loop ignores every existing safety control: LoopLimit, LimitToString, ObjectRecursionLimit...

8.7CVSS5.8AI score

Snyk•added 2026/05/19 2:35 p.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...

9.2CVSS5.8AI score

Snyk•added 2026/05/19 2:35 p.m.•7 views

Allocation of Resources Without Limits or Throttling

Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...

9.2CVSS5.8AI score

OSV•added 2026/05/18 6:54 p.m.•3 views

CLSA-2026-1779130441 vim: Fix of 3 CVEs

CVE-2022-0261: fix heap-based buffer overflow in blockinsert in src/ops.c - CVE-2022-0318: fix heap-based buffer overflow in utfheadoff in mbyte.c - CVE-2022-3520: clamp bopend.col = 0 in doput to prevent Visual block put underflow...

9.8CVSS7.1AI score0.00202EPSS

Exploits3References1

OSV•added 2026/05/18 6:46 p.m.•2 views

CLSA-2026-1779129979 vim: Fix of 3 CVEs

9.8CVSS7AI score0.00202EPSS

Exploits3References1

ATTACKERKB•added 2026/05/18 3:40 p.m.•5 views

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1CVSS5.8AI score0.00044EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2026/05/18 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021477)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021477 advisory. A flaw was found in GLib, which is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is larg...

4.8CVSS6AI score0.00742EPSS

Exploits0References4

EUVD•added 2026/05/16 3:26 p.m.•4 views

EUVD-2021-34824

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...

ATTACKERKB•added 2026/05/16 3:26 p.m.•2 views

Exploits0References4

CVE-2021-47956

Exploits0References4Affected Software1

CVE•added 2026/05/16 3:26 p.m.•7 views

CVE-2021-47956

The connected documents identify CVE-2021-47956 as affecting EgavilanMedia PHPCRUD 1.0 and describe a SQL injection vulnerability allowing unauthenticated attackers to manipulate database queries via the firstname parameter. Exploitation details include sending crafted POST requests to insert.php...

Positive Technologies•added 2026/05/16 12:0 a.m.•8 views

Exploits0References4

PT-2026-41453

Name of the Vulnerable Software and Affected Versions EgavilanMedia PHPCRUD version 1.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending POST requests to the 'insert.php' endpoint using the firstname...

RedhatCVE•added 2026/05/14 7:58 p.m.•6 views

Exploits0References6

CVE-2026-42550

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert, SimplePdo::update, and SimplePdo::delete build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query, with no identifier quoting and no validation. When an...

8.8CVSS6AI score0.00019EPSS

NVD•added 2026/05/13 8:16 p.m.•9 views

CVE-2026-42550

8.8CVSS0.00019EPSS

ATTACKERKB•added 2026/05/13 7:22 p.m.•3 views

CVE-2026-42550

8.8CVSS6AI score0.00019EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/13 7:22 p.m.•24 views

CVE-2026-42550 Flight: SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete

8.8CVSS0.00019EPSS

Vulnrichment•added 2026/05/13 7:22 p.m.•4 views

CVE-2026-42550 Flight: SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete

8.8CVSS6AI score0.00019EPSS

UbuntuCve•added 2026/05/13 4:17 a.m.•6 views

CVE-2026-8200

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

5.3CVSS5.8AI score0.00052EPSS

Vulnrichment•added 2026/05/13 12:8 a.m.•7 views

CVE-2026-8200 Schema validation log messages may not redact user data

4.8CVSS5.8AI score0.00052EPSS