
1127 matches found

GithubExploit
added 2026/04/19 7:34 a.m. · 86 views

GRC-demo-poc-oscal

GRC-OSCAL — continuous compliance, demonstrated. A working pro...

AI score 5.8
Exploits 0
Wolfi
added 2026/04/17 8:00 p.m. · 3 views

GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: kargo, vcluster, rancher-agent, jitsucom-bulker, trivy-operator, emissary, velero, cloudnative-pg, percona-server-mongodb-operator, verticadb-operator, zarf, cilium-cli, istio, infinispan-operator, postgres-operator, trivy, dynamic-localpv-provisioner, skaffold, kots...

AI score 5.8
Exploits 0
Wolfi
added 2026/04/17 8:00 p.m. · 3 views

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: kargo, vcluster, rancher-agent, jitsucom-bulker, trivy-operator, emissary, velero, cloudnative-pg, percona-server-mongodb-operator, verticadb-operator, zarf, cilium-cli, istio, infinispan-operator, postgres-operator, trivy, dynamic-localpv-provisioner, skaffold, kots...

CVSS 8.7 · AI score 5.8 · EPSS 0.00029
Exploits 0
OSV
added 2026/04/17 9:15 a.m. · 1 view

OPENSUSE-SU-2026:20586-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.15. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well as a recently reported security...

CVSS 7.5 · AI score 5.9 · EPSS 0.00048
Exploits 0 · References 3
Zero Day Initiative
added 2026/04/15 12:00 a.m. · 4 views

QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QVRPro Plugin. The issue results from an exposed dangerous method. An...

CVSS 8.8 · AI score 7.8 · EPSS 0.00593
Exploits 0 · References 1
Wolfi
added 2026/04/11 2:51 a.m. · 6 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: step-ca, libnvidia-container, sbom-convert, kots, prometheus-adapter, xeol, slsa-verifier, mockery, helm-mapkubeapis, terraform-provider-azuread, gh, envoy-gateway, secrets-store-csi-driver, falco-no-driver, kubernetes-csi-driver-hostpath, go-licenses, eksctl,...

CVSS 7.5 · AI score 7.1 · EPSS 0.00022
Exploits 0
Wolfi
added 2026/04/11 2:51 a.m. · 7 views

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: step-ca, libnvidia-container, kots, prometheus-adapter, xeol, slsa-verifier, mockery, helm-mapkubeapis, terraform-provider-azuread, gh, envoy-gateway, secrets-store-csi-driver, falco-no-driver, go-licenses, eksctl, omnibump, sftpgo-plugin-eventstore, wave,...

AI score 5.8
Exploits 0
OSV
added 2026/04/09 12:27 p.m. · 1 view

OPENSUSE-SU-2026:20489-1 Security update for pgvector

This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...

CVSS 8.1 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 2
OSV
added 2026/04/09 12:14 p.m. · 1 view

SUSE-SU-2026:21153-1 Security update for pgvector

This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18...

CVSS 8.1 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 3
Snyk
added 2026/04/08 12:14 a.m. · 2 views

SQL Injection

Overview: drizzle-orm is a Drizzle ORM package for SQL databases. Affected versions of this package are vulnerable to SQL Injection through the escapeName handling in the PostgreSQL, SQLite, and SingleStore dialects. An attacker can inject arbitrary SQL by supplying a malicious identifier to...

CVSS 9.8 · AI score 6.2 · EPSS 0.00017
Exploits 0 · References 2
vulnersOsv
added 2026/04/07 6:04 p.m. · 3 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.12) +6 more potentially affected by CVE-2026-34148 via @fedify/fedify (>=1.10.0 <=1.9.2)

@fedify/fedify NPM version =1.10.0, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2026-34148 Source advisory: SNYK:JS-FEDIFYFEDIFY-15928876...

CVSS 7.5 · AI score 5.8 · EPSS 0.00086
Exploits 1
OSV
added 2026/04/06 2:45 a.m. · 0 views

CLEANSTART-2026-WI06218 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.15.1-r0

Multiple security vulnerabilities affect the postgres-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 · AI score 7.4 · EPSS 0.00044
Exploits 0 · References 7
RedhatCVE
added 2026/04/01 11:01 p.m. · 2 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 9.8 · AI score 5.8 · EPSS 0.00018
Exploits 0 · References 1
Snyk
added 2026/04/01 6:32 a.m. · 0 views

SQL Injection

Overview: @langchain/google-cloud-sql-pg is a LangChain.js integration for Google Cloud SQL for PostgreSQL. Affected versions of this package are vulnerable to SQL Injection via the PostgresChatMessageHistory.initialize method due to improper parameter validation before incorporating them int...

CVSS 5 · AI score 6.1
Exploits 0 · References 3
Snyk
added 2026/03/31 11:23 p.m. · 2 views

SQL Injection

Overview: alerta-server is an Alerta server WSGI application. Affected versions of this package are vulnerable to SQL Injection in the q parameter of the query string API due to direct interpolation of user-supplied input into SQL statements using f-strings. An attacker can execute arbitrary SQL...

CVSS 9.8 · AI score 6.1 · EPSS 0.00018
Exploits 0 · References 2
OSV
added 2026/03/31 11:23 p.m. · 2 views

GHSA-8PRR-286P-4W7J alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Impact: The Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. Patches: Fixed in v9.1.0. The Postgres query parser now uses parameterized queries wit...

CVSS 6.9 · AI score 5.9 · EPSS 0.00018
Exploits 0 · References 8
Github Security Blog
added 2026/03/31 11:23 p.m. · 4 views

alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Impact: The Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. Patches: Fixed in v9.1.0. The Postgres query parser now uses parameterized queries wit...

CVSS 9.8 · AI score 5.9 · EPSS 0.00018
Exploits 0 · References 8 · Affected Software 1
NVD
added 2026/03/31 10:16 p.m. · 2 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 9.8 · EPSS 0.00018
Exploits 0 · References 6
ATTACKERKB
added 2026/03/31 9:00 p.m. · 2 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 6.9 · AI score 5.8 · EPSS 0.00018
Exploits 0 · References 7 · Affected Software 1
Vulnrichment
added 2026/03/31 9:00 p.m. · 0 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 6.9 · AI score 5.8 · EPSS 0.00018
Exploits 0 · References 6