Lucene search
K

37 matches found

NVD
NVD
added yesterday7 views

CVE-2026-61450

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-61450

Grav prior to 2.0.2 contains a Twig sandbox bypass that enables a page author (including any admin.pages user or anyone with write access to user/pages) to exfiltrate configuration secrets. The sandbox replaces the config variable with a redacted facade and strips Config::get/toArray from the all...

7.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42903

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/04/24 9:16 p.m.3 views

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 8:52 p.m.3 views

CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.8AI score0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 8:52 p.m.6 views

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.9AI score0.00264EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/24 8:52 p.m.32 views

CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 4:16 p.m.7 views

CVE-2026-34402

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to...

0.00021EPSS
Exploits0
Snyk
Snyk
added 2026/03/20 8:47 p.m.3 views

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the onpublish function. An attacker can extract sensitive database contents, including user password hashes, email addresses, API keys, and...

10CVSS6AI score0.00468EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/18 5:16 p.m.4 views

CVE-2026-32610

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...

8.1CVSS5.8AI score0.00339EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/17 9:43 p.m.5 views

Insufficiently Protected Credentials

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the skills.status function. An attacker can access sensitive configuration secrets by invoking this function with read-level privileges, which...

5.3CVSS5.7AI score0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/16 12:30 p.m.10 views

EUVD-2026-6096

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS5.6AI score0.00501EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-26384

Malware in sbrugna...

4.4CVSS4.8AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5136

Malicious code in bioql PyPI...

8.8CVSS7.4AI score0.01985EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-46903

Malicious code in bioql PyPI...

4.4CVSS6.5AI score0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-41797

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0077EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 1:24 a.m.15 views

CVE-2022-43933

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords...

4.4CVSS6.5AI score0.00261EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/18 5:41 a.m.10 views

Insertion Of Sensitive Information Into Log Files

org.apache.activemq:artemis-project is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of sensitive data in debug logging and the ConfigurationImpl logger exposing all broker property values, including credentials or tokens. It allows ...

6.8CVSS6.2AI score0.00358EPSS
Exploits0References4Affected Software4
OSV
OSV
added 2024/11/21 11:15 a.m.8 views

CVE-2022-43933

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords...

4.4CVSS5.8AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/11/21 11:15 a.m.23 views

CVE-2022-43933

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords...

4.4CVSS0.00261EPSS
Exploits0References1
Rows per page
Query Builder