CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13194 matches found

Tenable Nessus•added 2026/03/11 12:0 a.m.•2 views

RHEL 9 : postgresql:15 (RHSA-2026:4254)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4254 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL oidvector discloses a fe...

8.8CVSS6.3AI score0.00678EPSS

Exploits3References10

F5 Networks•added 2026/03/10 9:18 p.m.•8 views

K000160291: PostgreSQL vulnerability CVE-2025-12818

Security Advisory Description Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the...

5.9CVSS5.8AI score0.00301EPSS

Exploits0

F5 Networks•added 2026/03/10 9:15 p.m.•8 views

K000160290: PostgreSQL vulnerability CVE-2025-12817

Security Advisory Description Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, woul...

3.1CVSS5.8AI score0.00197EPSS

Exploits0

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2025-208473

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...

7.5CVSS6.3AI score0.00679EPSS

Exploits0References2

EUVD•added 2026/03/10 6:31 p.m.•4 views

EUVD-2025-208474

7.5CVSS6.3AI score0.00679EPSS

Exploits0References2

Snyk•added 2026/03/10 6:25 p.m.•2 views

SQL Injection

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection in the handling of dot-notation field names with the sort, distinct, or where query parameters in PostgreSQL...

9.8CVSS6.2AI score0.00408EPSS

Exploits0References2

OSV•added 2026/03/10 6:25 p.m.•4 views

GHSA-QPR4-JRJ4-6F27 Parse Server: SQL injection via dot-notation field name in PostgreSQL

Impact An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through an improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...

9.3CVSS5.8AI score0.00408EPSS

Exploits0References5

Github Security Blog•added 2026/03/10 6:25 p.m.•4 views

Parse Server: SQL injection via dot-notation field name in PostgreSQL

9.8CVSS5.8AI score0.00408EPSS

Exploits0References5Affected Software1

NVD•added 2026/03/10 6:17 p.m.•4 views

CVE-2025-13957

7.5CVSS0.00679EPSS

Exploits0References1

Chainguard•added 2026/03/10 1:17 p.m.•4 views

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: knative-net-istio-fips, kapp, datadog-agent, influxd, restic-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller, postgres-operator-fips, terraform-provider-azuread, crossplane-provider-aws-sqs-fips, elastic-agent,...

7.5CVSS7.4AI score0.0052EPSS

Exploits0

CVE•added 2026/03/10 12:19 p.m.•12 views

CVE-2025-13957

Summary: CVE-2025-13957 is a CWE-798 vulnerability involving hard-coded credentials that could lead to information disclosure and remote code execution when SOCKS Proxy is enabled, if administrator and PostgreSQL credentials are known. The issue is associated with Schneider Electric EcoStruxure I...

7.5CVSS6.3AI score0.00679EPSS

Exploits0References1