
1492 matches found

Redos
added 2026/02/24 12:0 a.m., 6 views

ROS-20260224-73-0024

Vulnerability in python-django related to failure to protect SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 5.4, AI score 6.4, EPSS 0.00491
Exploits: 1

NCSC
added 2026/02/09 10:39 a.m., 7 views

Vulnerabilities fixed in n8n

n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...

CVSS 9.9, AI score 6.9, EPSS 0.01713
Exploits: 0, References: 10

OSV
added 2026/02/04 9:15 p.m., 4 views

CVE-2025-1823

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...

CVSS 3.5, AI score 5.8, EPSS 0.00216
Exploits: 0, References: 1

NVD
added 2026/02/04 9:15 p.m., 4 views

CVE-2025-1823

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...

CVSS 3.5, EPSS 0.00216
Exploits: 0, References: 1

GitHub Security Blog
added 2026/02/04 7:39 p.m., 6 views

n8n Merge Node has Arbitrary File Write leading to RCE

Impact: A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem, potentially leading to remote code execution. Patches: The issue has been fixed in n8n version 2.4.0, 1.118.0...

CVSS 9.4, AI score 6.1, EPSS 0.00664
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/02/04 4:47 p.m., 8 views

EUVD-2026-5415

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

CVSS 9.4, AI score 6.2, EPSS 0.00664
Exploits: 0, References: 1

Positive Technologies
added 2026/02/04 12:0 a.m., 4 views

PT-2026-6265

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.118.0; n8n versions prior to 2.4.0. Description: n8n is a workflow automation platform. A flaw in the Merge node’s SQL Query mode permitted authenticated users with workflow creation or modification rights to write arbitra...

CVSS 9.4, AI score 6.3, EPSS 0.00664
Exploits: 0, References: 13

RedhatCVE
added 2026/01/22 5:34 p.m., 11 views

CVE-2021-47853

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVSS 8.8, AI score 6.5, EPSS 0.00262
Exploits: 0, References: 1

OSV
added 2026/01/21 6:30 p.m., 4 views

GHSA-86GH-C8R8-XWHQ phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVSS 8.8, AI score 6.4, EPSS 0.00262
Exploits: 0, References: 5

ATTACKERKB
added 2026/01/21 5:27 p.m., 5 views

CVE-2021-47748

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

CVSS 9.8, AI score 6.9, EPSS 0.0102
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2026/01/21 12:0 a.m., 5 views

PT-2026-3794

Name of the Vulnerable Software and Affected Versions: Hasura GraphQL version 1.3.3. Description: Hasura GraphQL version 1.3.3 contains a remote code execution issue. Attackers can execute arbitrary shell commands through SQL query manipulation. The issue allows command injection into the run sql...

CVSS 9.8, AI score 6.6, EPSS 0.0102
Exploits: 1, References: 6

Positive Technologies
added 2026/01/14 12:0 a.m., 6 views

PT-2026-2816

Name of the Vulnerable Software and Affected Versions: DASHBOARD BUILDER – WordPress plugin for Charts and Graphs versions prior to 1.5.8. Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by a lack of nonce validation within the settings handler in...

CVSS 7.1, AI score 7.3, EPSS 0.00132
Exploits: 0, References: 10

RedhatCVE
added 2026/01/09 9:54 a.m., 5 views

CVE-2020-10563

An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query...

CVSS 9.8, AI score 7.5, EPSS 0.01673
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:43 a.m., 30 views

CVE-2022-42424

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVSS 8.8, AI score 7.2, EPSS 0.76134
Exploits: 0, References: 1

Tenable Nessus
added 2025/11/21 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-60799

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of...

CVSS 6.1, AI score 5.8, EPSS 0.00191
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-9823

Malware in sbrugna...

CVSS 7.2, AI score 7, EPSS 0.01697
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-27316

Malware in sbrugna...

CVSS 4.9, AI score 5.1, EPSS 0.01033
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2008-7077

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.02445
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2006-0907

Malware in sbrugna...

CVSS 4.6, AI score 8.5, EPSS 0.01347
Exploits: 0, References: 34

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-21872

Malware in sbrugna...

CVSS 6.8, AI score 6.3, EPSS 0.02982
Exploits: 0, References: 3