CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added yesterday•11 views

Mongoose - NoSQL Injection

NoSQL injection vulnerability in Mongoose 8.9.5 affecting the populate function's match option. This vulnerability exists due to an incomplete fix for CVE-2024-53900. While direct $where injection is blocked, attackers can bypass this protection by nesting $where operators within logical operator...

9.8CVSS7.8AI score0.07025EPSS

Exploits3References4

Nuclei•added yesterday•41 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS7.3AI score0.38038EPSS

Exploits4References5

RedhatCVE•added 6 days ago•7 views

CVE-2026-11525

A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintend...

3.7CVSS4.9AI score0.00197EPSS

OSV•added 2026/06/12 8:51 a.m.•5 views

BIT-SQLITE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

SUSE CVE•added 2026/06/12 2:32 a.m.•9 views

SUSE CVE-2026-11822

7.8CVSS6.5AI score0.00178EPSS

SUSE CVE•added 2026/06/12 2:32 a.m.•8 views

SUSE CVE-2026-11824

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

7.8CVSS6.2AI score0.00178EPSS

Tenable Nessus•added 2026/06/12 12:0 a.m.•89 views

Linux Distros Unpatched Vulnerability : CVE-2026-11822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory...

8.5CVSS6.6AI score0.00178EPSS

Exploits0References3

RedhatCVE•added 2026/06/10 2:59 a.m.•6 views

CVE-2026-44750

SAP MDG Review Match Groups Application does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while...

4.3CVSS5.5AI score0.00161EPSS

Snyk•added 2026/06/09 8:24 p.m.•6 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the fts5ChunkIterate function in the FTS5 full-text search extension. An attacker can cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata that...

OSV•added 2026/06/09 8:16 p.m.•3 views

Exploits0References2

DEBIAN-CVE-2026-11824

OSV•added 2026/06/09 8:16 p.m.•3 views

DEBIAN-CVE-2026-11822

OSV•added 2026/06/09 8:16 p.m.•4 views

UBUNTU-CVE-2026-11824

8.5CVSS6.3AI score0.00178EPSS

Exploits0References4

OSV•added 2026/06/09 8:16 p.m.•4 views

UBUNTU-CVE-2026-11822

Debian CVE•added 2026/06/09 7:21 p.m.•4 views

Exploits0References4

CVE-2026-11824

AlpineLinux•added 2026/06/09 7:21 p.m.•6 views

Exploits0

CVE-2026-11824

CVE•added 2026/06/09 7:8 p.m.•60 views

Exploits0References4

CVE-2026-11822

SQLite before 3.53.2 is affected by memory corruption in the FTS5 extension. A crafted database with malformed FTS5 page data can trigger an out-of-bounds read in fts5LeafSeek via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate via a crafted continuation pag...