299 matches found
Information Disclosure
strapi/strapi is vulnerable to information disclosure. The vulnerability is due to insufficient sanitization of relational query parameters in the where filter, which allows an unauthenticated attacker to perform a boolean-oracle attack against restricted adminusers table fields and potentially...
CVE-2026-27886
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...
Improper Neutralization of Special Elements in Data Query Logic
Overview: @strapi/strapi is an updated version of the old 'strapi', which is a free and open-source headless CMS delivering your content anywhere you need. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the query parameter...
Security update for ovmf (moderate)
openSUSE security update: security update for ovmf. Announcement ID: openSUSE-SU-2026:20499-1. Rating: moderate. References: bsc1252441. Cross-References: CVE-2025-59438. CVSS scores: CVE-2025-59438 SUSE: 5.5...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1413-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1413-1 advisory. This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error...
SUSE-SU-2026:21161-1 Security update for ovmf
This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...
CVE-2019-12121
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...
HSEC-2025-0002 Double Public Key Signing Function Oracle Attack on Ed25519
The standard specification of Ed25519 message signing involves providing the algorithm with a message and private key. The function will use the private key to compute the public key and sign the message. Some libraries provide a variant...
EUVD-2014-8562
Malware in sbrugna...
EUVD-2016-5379
Malware in sbrugna...
EUVD-2010-3983
Malware in sbrugna...
EUVD-2021-0898
Malware in sbrugna...
EUVD-2021-0760
Malware in sbrugna...
EUVD-2015-7722
Malware in sbrugna...
EUVD-2019-12121
Malware in sbrugna...
EUVD-2019-10120
Malware in sbrugna...
EUVD-2019-3772
Malware in sbrugna...
EUVD-2018-0604
Malware in sbrugna...
EUVD-2019-13365
Malware in sbrugna...
EUVD-2015-4104
Malware in sbrugna...