
35 matches found

EUVD
added 2026/05/27 7:55 a.m. · 6 views

EUVD-2026-32133

A low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

CVSS 7.1 · AI score 6 · EPSS 0.00039
Exploits 0 · References 1
Vulnrichment
added 2026/05/27 7:55 a.m. · 3 views

CVE-2026-40834 Authenticated SQLi in saveDashboardLayout function

A low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

CVSS 7.1 · AI score 6 · EPSS 0.00039
Exploits 0 · References 1
EUVD
added 2026/05/21 5:10 p.m. · 4 views

EUVD-2026-31315

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and Google Latitude integration) are concatenated into...

CVSS 8.8 · AI score 5.9 · EPSS 0.00044
Exploits 0 · References 3
UbuntuCve
added 2026/05/18 5:16 p.m. · 3 views

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

CVSS 7.1 · AI score 5.8 · EPSS 0.00044
Exploits 0 · References 2
EUVD
added 2026/05/13 6:30 p.m. · 5 views

EUVD-2026-29891

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

CVSS 4.8 · AI score 5.8 · EPSS 0.00032
Exploits 0 · References 2
OSV
added 2026/05/13 4:17 a.m. · 1 view

UBUNTU-CVE-2026-8200

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

CVSS 5.3 · AI score 5.8 · EPSS 0.00032
Exploits 0 · References 2
CNNVD
added 2026/04/21 12:00 a.m. · 4 views

Oracle PeopleSoft Enterprise HCM Shared Components Security Vulnerability

Oracle PeopleSoft Enterprise HCM Shared Components is a set of common component modules for human resources systems developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise HCM Shared Components contains a security vulnerability. This vulnerability stems from issues with the...

CVSS 5.4 · AI score 7.2 · EPSS 0.00028
Exploits 0 · References 2
CNNVD
added 2026/01/20 12:00 a.m. · 0 views

Oracle Utilities Applications security vulnerabilities

Oracle Utilities Applications is a technology platform for the utilities industry developed by Oracle, a company in the United States. Vulnerabilities exist in versions 4.4.0.3.0.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4, and 25.10 of the Oracle Utilities Application Framework. These...

CVSS 5.4 · AI score 7.1 · EPSS 0.00042
Exploits 0 · References 2
NVD
added 2025/12/12 5:15 p.m. · 3 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

CVSS 7.2 · EPSS 0.00213
Exploits 0 · References 2
CNNVD
added 2025/10/21 12:00 a.m. · 1 view

Oracle Database Server Security Vulnerability

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in Unified Audit versions 23.4 through 23.9 of Oracle Database Server...

CVSS 2.7 · AI score 7.1 · EPSS 0.00031
Exploits 0 · References 2
Hacker One
added 2025/07/09 1:50 p.m. · 4 views

U.S. Dept Of Defense: Critical PII Data Exposure in ORDER_ERROR_LOG

A critical security vulnerability was identified in the application's error logging system. The ORDER_ERROR_LOG file contained complete database insertion statements that exposed personally identifiable information of customers in plain text format. The error handling mechanism was logging full SQL...

AI score 7.1
Exploits 0
RedhatCVE
added 2025/05/22 8:37 p.m. · 0 views

CVE-2021-35665

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting...

CVSS 6.1 · AI score 6.8 · EPSS 0.00582
Exploits 0 · References 1
Debian CVE
added 2025/02/05 9:07 a.m. · 8 views

CVE-2023-52925

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044intervaloverlap0 Expected: 0-2 . 0-3, got: W: FAILED ./testcases/sets/0044intervaloverlap0: got 1 Insertion...

CVSS 6.2 · AI score 5.4 · EPSS 0.00018
Exploits 0
OSV
added 2024/10/15 8:15 p.m. · 3 views

CVE-2024-21261

Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle...

CVSS 4.9 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2024/09/10 12:00 a.m. · 1 view

PT-2024-6370 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.5.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, a specially crafted...

CVSS 9 · AI score 8.1 · EPSS 0.00555
Exploits 1 · References 17
CNNVD
added 2024/01/17 12:00 a.m. · 1 view

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite and Oracle Installed Base are both products of Oracle Corporation. Oracle E-Business Suite is a fully integrated global business management software. The software provides customer relationship management, service management, financial management and...

CVSS 6.1 · AI score 6.6 · EPSS 0.00225
Exploits 0 · References 2
CNNVD
added 2024/01/17 12:00 a.m. · 1 view

Oracle Enterprise Manager Base Platform Security Vulnerability

Oracle Enterprise Manager Base Platform is a local management platform from Oracle Corporation in the United States. The platform is primarily used to manage Oracle product deployments. ecto is an elixir-ecto open source toolkit for data mapping and language integration queries. A security...

CVSS 7.5 · AI score 6.4 · EPSS 0.00122
Exploits 0 · References 2
CNNVD
added 2024/01/17 12:00 a.m. · 2 views

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite and Oracle Installed Base are both products of Oracle Corporation. Oracle E-Business Suite is a fully integrated global business management software. The software provides customer relationship management, service management, financial management and...

CVSS 5.4 · AI score 6.6 · EPSS 0.00234
Exploits 0 · References 2
CNNVD
added 2024/01/16 12:00 a.m. · 1 view

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Customer...

CVSS 6.1 · AI score 6.6 · EPSS 0.00271
Exploits 0 · References 2
RedHat Linux
added 2023/12/20 9:45 a.m. · 0 views

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

CVSS 4.3 · AI score 7.3 · EPSS 0.00439
Exploits 0 · References 6