CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/26 5:1 p.m.•7 views

CVE-2026-46624

CVE-2026-46624 affects Twenty CRM (open source). From 1.7.7 to 1.16.7, a critical Remote Code Execution (RCE) exists via a chained SQL Injection and a PostgreSQL COPY TO PROGRAM attack. If the PostgreSQL user is a super user, any authenticated user can execute arbitrary OS commands on the databas...

Exploits1References1Affected Software1

EUVD•added 2026/05/26 5:1 p.m.•5 views

EUVD-2026-31907

Vulnrichment•added 2026/05/26 5:1 p.m.•5 views

CVE-2026-46624 Twenty: SQL Injection via the timeZone field

ATTACKERKB•added 2026/05/26 5:1 p.m.•4 views

CVE-2026-46624

Exploits1References2Affected Software1

CNNVD•added 2026/05/26 12:0 a.m.•3 views

Twenty 安全漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions 1.7.7 to 1.16.7 of Twenty contain security vulnerabilities. These vulnerabilities stem from SQL injection attacks via uncleaned timeZone parameters and PostgreSQL COPY TO PROGRAM attacks, which may allow authenticated users to...

9.9CVSS6.1AI score0.00204EPSS

Positive Technologies•added 2026/05/26 12:0 a.m.•5 views

PT-2026-43352

Name of the Vulnerable Software and Affected Versions Twenty CRM versions 1.7.7 through 1.16.7 Description A Remote Code Execution RCE issue exists via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If the Postgres user is a superuser, any authenticated user can execute arbitrary ...

9.9CVSS6.3AI score0.00204EPSS

Exploits1References5

RedhatCVE•added 2026/05/21 11:53 a.m.•6 views

CVE-2026-6474

A flaw was found in PostgreSQL. This vulnerability, an externally-controlled format string in the timeofday function, allows a remote attacker to craft specific timezone zones. Successful exploitation can lead to the retrieval of sensitive portions of server memory, potentially disclosing...

4.3CVSS5.7AI score0.00032EPSS

Exploits0References4

UbuntuCve•added 2026/05/14 2:16 p.m.•2 views

CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References4

Vulnrichment•added 2026/05/14 1:0 p.m.•2 views

CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

4.3CVSS5.8AI score0.00032EPSS

Exploits0References1

CVE•added 2026/05/14 1:0 p.m.•72 views

CVE-2026-6474

CVE-2026-6474 involves PostgreSQL's timeofday() function, where an externally-controlled format string can cause memory disclosure. The vulnerability arises from crafted timezone zones and affects PostgreSQL versions before 18.4, 17.10, 16.14, 15.18, and 14.23. The connected documents provide the...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/14 1:0 p.m.•33 views

CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

4.3CVSS0.00032EPSS

Exploits0References1

Tenable Nessus•added 2026/05/10 12:0 a.m.•3 views

SUSE SLES15 Security Update : java-17-openjdk (SUSE-SU-2026:1732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1732-1 advisory. Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker...

7.5CVSS7.3AI score0.00154EPSS

Tenable Nessus•added 2026/05/10 12:0 a.m.•7 views

openSUSE 16 Security Update : java-21-openjdk (openSUSE-SU-2026:20681-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20681-1 advisory. Update to upstream tag jdk-21.0.11+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to...

7.5CVSS5.9AI score0.00154EPSS

Exploits0References24

Tenable Nessus•added 2026/05/10 12:0 a.m.•3 views

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2026:1703-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1703-1 advisory. Upgrade to upstream tag jdk-11.0.31+11 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon t...

7.5CVSS7.3AI score0.00154EPSS

Tenable Nessus•added 2026/05/10 12:0 a.m.•5 views

openSUSE 16 Security Update : java-17-openjdk (openSUSE-SU-2026:20680-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20680-1 advisory. Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to...

7.5CVSS5.9AI score0.00154EPSS

Exploits0References24

Tenable Nessus•added 2026/05/10 12:0 a.m.•2 views

SUSE SLED15 / SLES15 Security Update : java-21-openjdk (SUSE-SU-2026:1705-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1705-1 advisory. Update to upstream tag jdk-21.0.11+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security:...

7.5CVSS5.9AI score0.00154EPSS

Tenable Nessus•added 2026/05/10 12:0 a.m.•4 views

SUSE SLES15 Security Update : java-11-openjdk (SUSE-SU-2026:1731-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1731-1 advisory. Upgrade to upstream tag jdk-11.0.31+11 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker...

7.5CVSS7.3AI score0.00154EPSS