CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/03/24 7:12 p.m.•1 views

EUVD-2026-14976

Parse Server has SQL Injection through aggregate and distinct field names in PostgreSQL adapter...

8.6CVSS5.9AI score0.00452EPSS

Snyk•added 2026/03/24 7:12 p.m.•0 views

SQL Injection

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection via the field name parameters of the aggregate $group pipeline stage or the distinct operation in the PostgreS...

8.6CVSS6.2AI score0.00452EPSS

Exploits0References2

OSV•added 2026/03/24 7:12 p.m.•3 views

GHSA-P2W6-RMH7-W8Q3 Parse Server has SQL Injection through aggregate and distinct field names in PostgreSQL adapter

Impact An attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters into field name parameters of the aggregate $group pipeline stage or the distinct operation. This allows privilege escalation from Parse Server application-lev...

Cvelist•added 2026/03/24 6:26 p.m.•15 views

Exploits0References7

CVE-2026-33539 Parse Server: SQL injection via aggregate and distinct field names in PostgreSQL adapter

8.6CVSS0.00452EPSS

ATTACKERKB•added 2026/03/24 6:26 p.m.•0 views

CVE-2026-33539

Exploits0References6Affected Software1

Vulnrichment•added 2026/03/24 6:26 p.m.•0 views

CVE-2026-33539 Parse Server: SQL injection via aggregate and distinct field names in PostgreSQL adapter

CVE•added 2026/03/24 6:26 p.m.•7 views

CVE-2026-33539

Parse Server SQL injection vulnerability in PostgreSQL adapter (CVE-2026-33539). An attacker with master key access can inject SQL metacharacters into field name parameters of the aggregate $group stage or the distinct operation, enabling arbitrary SQL execution on PostgreSQL and privilege escala...

Exploits0References5Affected Software1

OSV•added 2026/03/24 6:26 p.m.•3 views

CVE-2026-33539 Parse Server: SQL injection via aggregate and distinct field names in PostgreSQL adapter

IBM Security Bulletins•added 2026/03/24 6:22 p.m.•8 views

Exploits0References7

Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Network Threat Analytics App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2023-2454 DESCRIPTION:...

8.8CVSS6.4AI score0.04322EPSS

Exploits0Affected Software1

OSV•added 2026/03/24 1:4 p.m.•3 views

CLSA-2026-1774355598 postgresql: Fix of CVE-2026-2003

CVE-2026-2003: fix memory disclosure via oidvector type...

4.3CVSS5.8AI score0.00281EPSS

OSV•added 2026/03/24 6:24 a.m.•1 views

OPENSUSE-SU-2026:20412-1 Security update for salt

This update for salt fixes the following issues: Changes in salt: - Security issues fixed: CVE-2025-67724: fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: fixed HTTP header parameter parsing algorithm...

7.5CVSS5.9AI score0.01468EPSS

Exploits0References10

OSV•added 2026/03/24 6:19 a.m.•5 views

SUSE-SU-2026:20825-1 Security update for salt

This update for salt fixes the following issues: - Security issues fixed: CVE-2025-67724: missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: fix DoS via malicious HTTP request bsc1254905 CVE-2025-67726: fix HTTP header parameter parsing algorithm bsc1254904 - Fixed KeyError i...

7.5CVSS7AI score0.01468EPSS

Exploits0References11

Positive Technologies•added 2026/03/24 12:0 a.m.•1 views

PT-2026-27484

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.59 Parse Server versions prior to 9.6.0-alpha.53 Description Parse Server, an open source backend deployable on Node.js infrastructure, contains a flaw where an attacker possessing master key access can execu...

Tenable Nessus•added 2026/03/24 12:0 a.m.•5 views

Exploits0References9

Alibaba Cloud Linux 3 : 0059: postgresql:13 (ALINUX3-SA-2026:0059)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0059 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-2004: Missing validation of type ...

8.8CVSS6.5AI score0.00678EPSS

Exploits3References4

OSV•added 2026/03/23 9:41 a.m.•4 views

CLSA-2026-1774258892 postgresql: Fix of CVE-2026-2003

CVE-2026-2003: fix improper validation of oidvector and prevent disclosure of a few bytes of server memory...

4.3CVSS5.8AI score0.00281EPSS

OSV•added 2026/03/20 5:43 p.m.•4 views

CLSA-2026-1774028594 Update of postgresql11

Initial backport of PostgreSQL 11.22 for RHEL 7 - Based on Fedora/RHEL 8 spec files for PostgreSQL 10 and 12 - Adapted for RHEL 7 compatibility: - Disabled ICU support by default not readily available on RHEL 7 - Disabled plpython3 by default may need SCL for Python 3 - Removed perl-generators...

5.8AI score

OSV•added 2026/03/20 2:50 p.m.•3 views

OPENSUSE-SU-2026:20408-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: - Update to version 18.3. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

8.8CVSS6AI score0.00678EPSS

Exploits3References11

OSV•added 2026/03/20 2:41 p.m.•6 views

CLSA-2026-1774017701 postgresql: Fix of CVE-2026-2006

CVE-2026-2006: fix missing validation of multibyte character length in text manipulation; add proper length checks and bounds validation; prevent crafted queries from triggering buffer overrun and enabling arbitrary code execution...

8.8CVSS6.4AI score0.00659EPSS