Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19896 matches found

CNNVD
CNNVDadded 2026/03/27 12:0 a.m.4 views

Handlebars.js 安全漏洞

Handlebars.js is an open-source JavaScript templating engine developed by The Handlebars Templating Language project. Versions of Handlebars.js 4.7.8 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of user-controlled strings by the Handlebars...

8.2CVSS7.3AI score0.00009EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2026/03/26 11:3 p.m.3 views

CVE-2025-14808

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

3.1CVSS5.8AI score0.00039EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/26 9:31 p.m.0 views

EUVD-2026-16339

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

2.8CVSS5.9AI score0.0001EPSS
Exploits1References3
OSV
OSVadded 2026/03/26 9:17 p.m.0 views

UBUNTU-CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

6.5CVSS5.9AI score0.0001EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2026/03/26 9:17 p.m.3 views

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

6.5CVSS7.1AI score0.0001EPSS
Exploits1References2
AlpineLinux
AlpineLinuxadded 2026/03/26 8:0 p.m.0 views

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

6.5CVSS6AI score0.0001EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/03/26 8:0 p.m.22 views

CVE-2026-2239 Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

2.8CVSS0.0001EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/26 8:0 p.m.3 views

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

2.8CVSS7.2AI score0.0001EPSS
Exploits1References4
Debian CVE
Debian CVEadded 2026/03/26 8:0 p.m.3 views

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

6.5CVSS7.4AI score0.0001EPSS
Exploits1
Github Security Blog
Github Security Blogadded 2026/03/26 6:56 p.m.2 views

OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Summary Before v2026.3.23, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate baseUrl + nonce, but the replay key was derived from the full verification URL including the query string, so unsigned query-on...

8.3CVSS5.9AI score0.00042EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2026/03/26 5:21 p.m.1 views

CVE-2026-33732 srvx is vulnerable to middleware bypass via absolute URI in request line

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

4.8CVSS5.9AI score0.0005EPSS
Exploits0References5
NVD
NVDadded 2026/03/26 5:16 p.m.1 views

CVE-2026-33468

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS0.00034EPSS
Exploits1References1
NVD
NVDadded 2026/03/26 5:16 p.m.1 views

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

8.1CVSS0.00034EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/03/26 5:3 p.m.17 views

CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS0.00034EPSS
Exploits1References1
CVE
CVEadded 2026/03/26 5:3 p.m.5 views

CVE-2026-33468

Summary: CVE-2026-33468 is illustrated by a GitHub advisory about Kysely’s MySQL dialect allowing SQL injection via insufficient backslash escaping in string literals. The root cause is that DefaultQueryCompiler.sanitizeStringLiteral() only doubles single quotes and does not escape backslashes. W...

8.1CVSS6AI score0.00034EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/26 5:3 p.m.1 views

CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS6AI score0.00034EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/26 5:3 p.m.6 views

CVE-2026-33468

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS6AI score0.00034EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/03/26 5:3 p.m.0 views

CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS6.1AI score0.00034EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/26 5:1 p.m.1 views

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

8.1CVSS5.9AI score0.00034EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/03/26 5:1 p.m.3 views

CVE-2026-33442 Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

8.1CVSS6AI score0.00034EPSS
Exploits1References3
Rows per page
Query Builder