CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/14 6:31 p.m.•2 views

CVE-2026-43895

A flaw was found in jq, a command line JSON processor. Embedded NUL bytes in import paths are truncated during module and data-file lookup, creating a mismatch between the intended import string and the actual file path opened. This issue allows an attacker who can supply a crafted script to acce...

4.4CVSS5.7AI score0.0002EPSS

Exploits1References4

SUSE CVE•added 2026/05/13 3:33 a.m.•3 views

SUSE CVE-2026-43895

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

4.4CVSS5.9AI score0.0002EPSS

Exploits1References3

OSV•added 2026/05/12 8:55 a.m.•6 views

BIT-PHP-MIN-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

OSV•added 2026/05/12 8:55 a.m.•2 views

Exploits0References2

BIT-PHP-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

9.8CVSS5.9AI score0.00038EPSS

Exploits0References2

OSV•added 2026/05/12 8:50 a.m.•3 views

BIT-LIBPHP-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

9.8CVSS5.9AI score0.00038EPSS

Exploits0References2

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40292

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40277

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40302

ATTACKERKB•added 2026/05/11 5:24 p.m.•4 views

CVE-2026-43895

4.4CVSS5.9AI score0.0002EPSS

Exploits1References2Affected Software1

SUSE CVE•added 2026/05/11 2:38 p.m.•2 views

SUSE CVE-2025-14179

CNNVD•added 2026/05/11 12:0 a.m.•3 views

Exploits0References7

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have a vulnerability related to input validation errors. This vulnerability arises because jq accepts embedded NUL bytes at the jq language level during import paths. However, during...

4.4CVSS5.8AI score0.0002EPSS

Exploits1References1

UbuntuCve•added 2026/05/10 5:16 a.m.•5 views

CVE-2025-14179

Debian CVE•added 2026/05/10 3:51 a.m.•10 views

CVE-2025-14179

ATTACKERKB•added 2026/05/10 3:51 a.m.•2 views

Exploits0

CVE-2025-14179

8.9CVSS5.8AI score0.00038EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/10 3:51 a.m.•41 views

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

8.9CVSS0.00038EPSS

Vulnrichment•added 2026/05/10 3:51 a.m.•3 views

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

8.9CVSS5.8AI score0.00038EPSS

CVE•added 2026/05/10 3:51 a.m.•15 views

CVE-2025-14179

PHP’s PDO Firebird driver is affected in PHP 8.2.x (before 8.2.31), 8.3.x (before 8.3.31), 8.4.x (before 8.4.21), and 8.5.x (before 8.5.6). The root cause is improper handling of NUL bytes during token-by-token SQL query construction: a string token containing a NUL byte is copied with strncat(),...

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/10 12:0 a.m.•5 views

PT-2026-39443

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description The PDO Firebird driver improperly handles NUL bytes during the preparation of SQL queries. When...

9.8CVSS5.8AI score0.00353EPSS

Exploits1References55

CNNVD•added 2026/05/10 12:0 a.m.•4 views

PHP SQL注入漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 have a SQL injection vulnerability. This vulnerability stems from the improper handling of NUL bytes by the PDO Firebird driver when processing SQL queries, which can...

9.8CVSS5.9AI score0.00038EPSS