
9 matches found

EUVD
added 2026/05/11 6:31 p.m., 5 views

EUVD-2026-29079

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field. This issue affects corteza: 2024.9.8...

CVSS 6, AI score 5.8, EPSS 0.00034
Exploits 0, References 3

NVD
added 2026/05/11 4:17 p.m., 7 views

CVE-2026-6093

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field. This issue affects corteza: 2024.9.8...

CVSS 6, EPSS 0.00034
Exploits 0, References 2

CVE
added 2026/05/11 2:3 p.m., 6 views

CVE-2026-6093

CVE-2026-6093 describes a SQL injection vulnerability in Corteza’s MSSQL backend, triggered when filtering Compose records by the meta field. The root cause is incorrect T-SQL string escaping, affecting Corteza 2024.9.8. Exploit details and mitigations are not provided in the connected documen...

CVSS 6, AI score 5.8, EPSS 0.00034
Exploits 0, References 2

Cvelist
added 2026/05/11 2:3 p.m., 28 views

CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field. This issue affects corteza: 2024.9.8...

CVSS 6, EPSS 0.00034
Exploits 0, References 2

CNNVD
added 2026/05/11 12:0 a.m., 4 views

Corteza SQL injection vulnerability

Corteza is an open-source low-code platform developed by the Corteza Project, designed for quickly building CRM, business processes, and structured data applications. The Corteza 2024.9.8 version contains a SQL injection vulnerability. This vulnerability arises from the SQL injection vulnerabilit...

CVSS 6, AI score 5.9, EPSS 0.00034
Exploits 0, References 1

Positive Technologies
added 2026/05/11 12:0 a.m., 6 views

PT-2026-39621

Name of the Vulnerable Software and Affected Versions: Corteza version 2024.9.8. Description: An issue exists in the Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field, which allows for SQL injection. SQL injection is a type of flaw that enables an attacker to...

CVSS 6, AI score 5.9, EPSS 0.00034
Exploits 0, References 6

Huntr
added 2022/02/11 7:58 a.m., 17 views

Cross-site Scripting (XSS) - Reflected in cortezaproject/corteza-server

Description: The logout function doesn't clean/filter value of "back" parameter before reflecting into HTML code, leading to Reflected XSS vulnerability. Proof of Concept: Visit URL: https://latest.cortezaproject.org/auth/logout?back=%22%3E%3Cscript%3Ealertorigin%3C/script%3E%3C%22 Poc:...

AI score 0.5
Exploits 0

Huntr
added 2021/08/08 3:28 a.m., 13 views

Denial of Service in cortezaproject/corteza-server

You can put a very long login email text until you get the last user to put and aries or DoS. Normally emails have 64 to 225 digits. Summary: There is no limit to the number of characters in the login email, which allows a DoS attack. The DoS attack affects both server-side and client-side. NOTE:...

AI score 1.5
Exploits 0

Huntr
added 2021/06/10 5:14 a.m., 13 views

Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-server

💥 BUG: Stored XSS bug against admin. 💥 TESTED VERSION: v2021.3.6 💥 IMPACT: Lower level user can make XSS attack against admin. Using XSS bug, attacker can execute arbitrary JavaScript in victim account. Thus lower level user can execute arbitrary JavaScript in admin account using this XSS and can...

AI score 0.1
Exploits 0