
8 matches found

NVD
added 2026/03/06 5:16 a.m. | 6 views

CVE-2026-28785

Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the...

9.8 CVSS | 0.00078 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/03/06 4:27 a.m. | 3 views

EUVD-2026-9995

Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the...

9.3 CVSS | 6.1 AI score | 0.00078 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/06 4:27 a.m. | 3 views

CVE-2026-28785 Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import

Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the...

9.3 CVSS | 6 AI score | 0.00078 EPSS
Exploits: 0 | References: 2

OSV
added 2026/03/06 4:27 a.m. | 3 views

CVE-2026-28785 Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import

Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the...

9.3 CVSS | 6 AI score | 0.00078 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/03/06 12:0 a.m. | 4 views

Ghostfolio SQL Injection Vulnerability

Ghostfolio is an open-source personal wealth management software developed by Ghostfolio. Versions of Ghostfolio prior to 2.244.0 contained a SQL injection vulnerability. This vulnerability stemmed from bypassing symbol validation, which could allow arbitrary SQL commands to be executed through t...

9.8 CVSS | 6 AI score | 0.00078 EPSS
Exploits: 0 | References: 2

NVD
added 2022/04/26 11:15 p.m. | 14 views

CVE-2022-27888

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information session tokens. This issue was fixed in 2.249.1...

5.5 CVSS | 0.00058 EPSS
Exploits: 0 | References: 1

Cvelist
added 2022/04/26 10:35 p.m. | 16 views

CVE-2022-27888 The Foundry Issues service was found to be logging in a manner that captured session tokens.

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information session tokens. This issue was fixed in 2.249.1...

5.5 CVSS | 5.5 AI score | 0.00058 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2022/03/29 9:0 p.m. | 2 views

CVE-2022-27888

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information session tokens. This issue was fixed in 2.249.1...

5.5 CVSS | 6 AI score | 0.00058 EPSS
Exploits: 0 | References: 2