Lucene search
+L

188 matches found

nvd
nvd
added 2 days ago6 views

CVE-2026-56287

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

8.1CVSS0.00696EPSS
Exploits0References3
nvd
nvd
added 2 days ago6 views

CVE-2026-35152

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

8.8CVSS0.03492EPSS
Exploits0References4
cve
cve
added 2 days ago21 views

CVE-2026-57821

Apache Fineract Office Search API (GET /api/v1/offices) is affected up to version 1.14.0. The vulnerability arises from a SQL injection in the orderBy parameter, which is concatenated into a SQL query without adequate validation. An authenticated user with permission to view offices can inject ar...

8.1CVSS6.1AI score0.00791EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2 days ago36 views

CVE-2026-57821 Apache Fineract: Office list: SQL Injection via Subquery in orderBy

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

0.00791EPSS
Exploits1References3
euvd
euvd
added 2 days ago5 views

EUVD-2026-44605

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS6.1AI score0.00791EPSS
Exploits1References3
cvelist
cvelist
added 2 days ago35 views

CVE-2026-35152 Apache Fineract: SQL injection in runreports endpoint

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

0.03492EPSS
Exploits0References3
cve
cve
added 2 days ago11 views

CVE-2026-35152

The CVE covers a SQL Injection in Apache Fineract’s Report Execution API (runreports endpoint) affecting versions up to and including 1.14.0. The vulnerability arises because report parameter values are embedded into the generated SQL without sufficient validation, enabling an authenticated user ...

8.8CVSS6.2AI score0.03492EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2 days ago5 views

EUVD-2026-44604

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

8.8CVSS6.2AI score0.03492EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago34 views

CVE-2026-56287 Apache Fineract: Boolean SQL Injection in Client Search API (orderBy parameter) leading to Local File Disclosure

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

0.00696EPSS
Exploits0References2
euvd
euvd
added 2 days ago5 views

EUVD-2026-44603

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

8.1CVSS6.1AI score0.00696EPSS
Exploits0References2
cve
cve
added 2 days ago12 views

CVE-2026-56287

Summary: CVE-2026-56287 describes a boolean-based SQL Injection in Apache Fineract’s Client Search API (GET /api/v1/clients) affecting versions up to 1.14.0. The orderBy and sortOrder parameters are concatenated into a SQL query without sufficient validation, enabling an authenticated user to inj...

8.1CVSS6.1AI score0.00696EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/01/09 12:41 p.m.8 views

CVE-2023-25195

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...

8.1CVSS7AI score0.00982EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 12:41 p.m.8 views

CVE-2023-25196

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2...

4.3CVSS7.5AI score0.01297EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:47 a.m.8 views

CVE-2025-23408

Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0. Users are encouraged to upgrade to version 1.13.0, the latest release...

8.5CVSS6.9AI score0.00448EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/25 12:0 a.m.4 views

Apache Fineract Security Bypass Vulnerability

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from a security...

8.1CVSS6.8AI score0.00339EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/25 12:0 a.m.8 views

Apache Fineract Information Disclosure Vulnerability

Apache Fineract is a set of open source digital financial services platform of the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an informatio...

8.5CVSS6.3AI score0.00448EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/25 12:0 a.m.9 views

Apache Fineract Information Disclosure Vulnerability (CNVD-2026-00006)

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an...

9.1CVSS6.2AI score0.00372EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/13 9:41 a.m.6 views

CVE-2025-58137

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...

8.1CVSS6.9AI score0.00339EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/13 9:41 a.m.8 views

CVE-2025-58130

Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...

9.1CVSS6.9AI score0.00372EPSS
Exploits0References1
euvd
euvd
added 2025/12/12 12:30 p.m.9 views

EUVD-2025-203066

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...

8.1CVSS6.4AI score0.00339EPSS
Exploits0References3
Rows per page
Query Builder