CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

Tenable Nessus•added 2026/04/12 12:0 a.m.•2 views

FreeBSD : py-ormar -- vulnerabilities (8d549898-3598-11f1-a8bc-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8d549898-3598-11f1-a8bc-3c7c3fba4204 advisory. https://github.com/ormar-orm/ormar/security/advisories reports: Tenable has extracted the...

9.8CVSS7.5AI score0.00489EPSS

Exploits3References5

RedhatCVE•added 2026/03/26 3:1 p.m.•0 views

CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS5.8AI score0.00489EPSS

Exploits1References1

Tenable Nessus•added 2026/03/21 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any...

9.8CVSS5.9AI score0.00489EPSS

Exploits1References3

Snyk•added 2026/03/19 10:46 p.m.•4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview ormar is an An async ORM with fastapi in mind and pydantic validation. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the model constructor when injecting the pkonly or excluded parameters when used...

9.8CVSS5.8AI score0.00489EPSS

Exploits1References2

vulnersOsv•added 2026/03/19 10:46 p.m.•1 views

fastapi-helpers (>=0.0.1 <=0.2.3), fastapi-users-db-ormar (=1.0.0) +11 more potentially affected by CVE-2026-27953 via ormar (>=0.10.16 <=0.20.2)

ormar PYPI version =0.10.16, =0.0.1, =0.3.1, =0.3.0, =0.0.1, =0.3.1, =0.0.1, =1.0.0, =0.0.1, =0.0.2 Source cves: CVE-2026-27953 Source advisory: SNYK:PYTHON-ORMAR-15701843...

9.8CVSS5.8AI score0.00489EPSS

Exploits1

OSV•added 2026/03/19 9:17 p.m.•1 views

DEBIAN-CVE-2026-27953

9.8CVSS5.6AI score0.00489EPSS

Exploits1References1

NVD•added 2026/03/19 9:17 p.m.•0 views

CVE-2026-27953

9.8CVSS0.00489EPSS

Exploits1References9

UbuntuCve•added 2026/03/19 9:17 p.m.•1 views

CVE-2026-27953

9.8CVSS5.8AI score0.00489EPSS

Exploits1References2

OSV•added 2026/03/19 9:17 p.m.•3 views

UBUNTU-CVE-2026-27953

9.8CVSS5.6AI score0.00489EPSS

Exploits1References3

Vulnrichment•added 2026/03/19 8:23 p.m.•1 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

7.1CVSS5.9AI score0.00489EPSS

Exploits1References9

CVE•added 2026/03/19 8:23 p.m.•6 views

CVE-2026-27953

Summary: CVE-2026-27953 affects ormar (Python)

9.8CVSS5.8AI score0.00489EPSS

Exploits1References9Affected Software1

OSV•added 2026/03/19 8:23 p.m.•3 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

7.1CVSS5.8AI score0.00489EPSS

Exploits1References11

Debian CVE•added 2026/03/19 8:23 p.m.•1 views

CVE-2026-27953

9.8CVSS5.6AI score0.00489EPSS

Exploits1

Cvelist•added 2026/03/19 8:23 p.m.•16 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

7.1CVSS0.00489EPSS

Exploits1References9

Github Security Blog•added 2026/03/19 4:27 p.m.•4 views

ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor

Summary A Pydantic validation bypass in ormar's model constructor allows any unauthenticated user to skip all field validation — type checks, constraints, @fieldvalidator/@modelvalidator decorators, choices enforcement, and required-field checks — by injecting "pkonly": true into a JSON request...

9.8CVSS6AI score0.00489EPSS

Exploits1References11Affected Software1

OSV•added 2026/03/19 4:27 p.m.•1 views

GHSA-F964-WHRQ-44H8 ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor

7.1CVSS6AI score0.00489EPSS

Exploits1References11

Positive Technologies•added 2026/03/19 12:0 a.m.•3 views

PT-2026-26342

Name of the Vulnerable Software and Affected Versions ormar versions 0.23.0 and below Description ormar, an async mini ORM for Python, has a Pydantic validation bypass issue in its model constructor. This allows unauthenticated users to skip all field validation by injecting " pk only ": true int...

9.8CVSS5.9AI score0.00489EPSS

Exploits1References18

CNNVD•added 2026/03/19 12:0 a.m.•3 views

ormar 安全漏洞

ORMar is a Python ORM library developed by Collerek’s individual developers. Versions of Ormar prior to 0.23.0 contain security vulnerabilities. These vulnerabilities stem from Pydantic validation bypasses in the model constructor. This allows unvalidated users to bypass field validations by...

9.8CVSS5.8AI score0.00489EPSS

Exploits1References9

RedhatCVE•added 2026/02/25 4:6 a.m.•1 views

CVE-2026-26198

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS5.9AI score0.00024EPSS

Exploits2References1