Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

216210 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/14 8:45 p.m.4 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References2
CVE
CVEadded 2026/05/14 8:45 p.m.10 views

CVE-2026-42847

CVE-2026-42847 affects ClipBucket v5 prior to 5.5.3 - #122. The vulnerability is a SQL injection in the authenticated admin endpoint admin_area/action_logs.php, where the GET parameter $_GET['type'] is read, stored, and concatenated into a SQL WHERE condition on action_type in fetch_action_logs()...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/14 8:45 p.m.6 views

CVE-2026-42847 ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References1
OSV
OSVadded 2026/05/14 7:50 p.m.5 views

CLSA-2026-1778788198 Fix of 6 CVEs

SECURITY UPDATE: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - debian/patches/CVE-2026-7258.patch: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-7258 SECURITY UPDATE: fix stale SOAPGLOBAL refmap pointer with...

9.8CVSS5.9AI score0.00505EPSS
Exploits0References1
Debian
Debianadded 2026/05/14 2:26 p.m.8 views

[SECURITY] [DSA 6270-1] postgresql-17 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6270-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq -...

8.8CVSS6.1AI score0.00471EPSS
Exploits0
Debian
Debianadded 2026/05/14 2:25 p.m.8 views

[SECURITY] [DSA 6269-1] postgresql-15 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6269-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq -...

8.8CVSS6.1AI score0.00471EPSS
Exploits0
NVD
NVDadded 2026/05/14 2:16 p.m.12 views

CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS0.00187EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/14 2:16 p.m.5 views

CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/14 2:16 p.m.6 views

CVE-2026-6476

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

7.2CVSS6.1AI score0.00287EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/14 2:16 p.m.6 views

CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6AI score0.00187EPSS
Exploits0References4
OSV
OSVadded 2026/05/14 2:16 p.m.2 views

UBUNTU-CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References5
CVE
CVEadded 2026/05/14 1:0 p.m.34 views

CVE-2026-6637

The CVE-2026-6637 issue affects PostgreSQL’s refint module, causing a stack buffer overflow that could allow an unprivileged database user to execute arbitrary OS-level code running the database. A separate attack path exists when an application exposes a user-controlled column as a refint cascad...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2026/05/14 1:0 p.m.33 views

CVE-2026-6638

Summary: CVE-2026-6638 is a SQL injection vulnerability in PostgreSQL’s logical replication via ALTER SUBSCRIPTION ... REFRESH PUBLICATION. The issue affects major versions 16, 17, and 18 with specific vulnerable minor versions (16.14, 17.10, 18.4) and is triggered at the next REFRESH PUBLICATION...

8.8CVSS6.1AI score0.00187EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/14 1:0 p.m.39 views

CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS0.00378EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/14 1:0 p.m.4 views

CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

3.7CVSS6.1AI score0.00187EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/14 1:0 p.m.5 views

EUVD-2026-30291

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/14 1:0 p.m.22 views

EUVD-2026-30290

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

3.7CVSS6.1AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/14 1:0 p.m.41 views

CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

3.7CVSS0.00187EPSS
Exploits0References1
AlpineLinux
AlpineLinuxadded 2026/05/14 1:0 p.m.10 views

CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6.1AI score0.00187EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/14 1:0 p.m.39 views

CVE-2026-6476 PostgreSQL pg_createsubscriber allows SQL injection via subscription name

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

7.2CVSS0.00287EPSS
Exploits0References1
Rows per page
Query Builder