10 matches found
CVE-2026-32954
ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...
CVE-2026-32954 ERP has a possible SQL Injection vulnerability due to missing validation
ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...
PT-2026-26558
Name of the Vulnerable Software and Affected Versions: ERP versions prior to 16.8.0; ERP versions prior to 15.100.0. Description: The software contains a flaw due to insufficient parameter validation, leading to time-based and boolean-based blind SQL injection in certain endpoints. This allows...
CVE-2026-30241
Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries and mutations, but subscription queries are...
CVE-2026-30241 Mercurius: queryDepth limit bypassed for WebSocket subscriptions
Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries and mutations, but subscription queries are...
Uncontrolled Recursion
Overview: mercurius is a GraphQL adapter for Fastify. Affected versions of this package are vulnerable to Uncontrolled Recursion in the subscription queries received over WebSocket connections. An attacker can bypass intended query depth restrictions by submitting deeply nested subscription queries...
Linux Distros Unpatched Vulnerability : CVE-2023-38000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 15.10.12, prior to 16.4.3, and prior to 16.8.0-rc-1, which stems from an improper check of the LESS compiler permissions...
PT-2023-26245 · WordPress · Gutenberg +1
Name of the Vulnerable Software and Affected Versions: WordPress core versions 5.9 through 5.9.7; WordPress core versions 6.0 through 6.0.5; WordPress core versions 6.1 through 6.1.3; WordPress core versions 6.2 through 6.2.2; WordPress core versions 6.3 through 6.3.1; Gutenberg plugin versions = 16.8...
DEBIAN-CVE-2023-26144
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...