Lucene search
K

6 matches found

CVE
CVE
added 4 days ago7 views

CVE-2026-57230

OpenReplay (self-hosted session replay) prior to 1.27.0 is affected by an authenticated SQL injection in the session search and analytics API for enterprise editions with multi-tenancy enabled. The vulnerability arises from building ClickHouse queries by inserting user input into the query string...

5.4CVSS6.1AI score0.00207EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 9:17 p.m.6 views

CVE-2026-33142

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...

8.1CVSS0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 8:5 p.m.4 views

CVE-2026-33142 OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...

8.1CVSS5.9AI score0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 8:5 p.m.25 views

CVE-2026-33142 OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...

8.1CVSS0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:5 p.m.15 views

CVE-2026-33142

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...

9.9CVSS5.9AI score0.00603EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/20 8:5 p.m.31 views

CVE-2026-33142 OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...

8.1CVSS6AI score0.00301EPSS
Exploits0References3
Rows per page
Query Builder