2345 matches found
EUVD-2026-29512
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-34187
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-34187 SQL Injection in Graph Container Parameter
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-34187
The CVE-2026-34187 vulnerability affects Pandora FMS, specifically versions 777 through 800. It is described as an improper neutralization of special elements used in an SQL command, enabling SQL Injection via a graph container parameter. According to the NVD metrics, the issue has a CVSS v3.1 ba...
CVE-2026-34187 SQL Injection in Graph Container Parameter
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.0.0 to 4.17.12 and 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from the GraphQL address element parser’s failure to apply pattern-range filtering on top-level...
PT-2026-40067
Name of the Vulnerable Software and Affected Versions Pandora FMS versions 777 through 800 Description Improper neutralization of special elements used in an SQL command allows SQL Injection via the graph container parameter. SQL Injection is a technique where an attacker inserts malicious SQL co...
PT-2026-40468
Name of the Vulnerable Software and Affected Versions Flowsint versions prior to 1.2.3 Description Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A broken access control issue allows an adversary who knows an...
PT-2026-40470
Name of the Vulnerable Software and Affected Versions Flowsint versions prior to 1.2.3 Description Broken Access Control allows unauthorized reading of sketch logs from any user. This issue affects an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and...
CVE-2026-42181
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...
strix-advanced
⚡ Strix-Advanced AI-Powered Security Testing Platform An...
Oracle Poisoning: Corrupting Knowledge Graphs to Weaponise AI Agent Reasoning
We define Oracle Poisoning, an attack class in which an adversary corrupts a structured knowledge graph that AI agents query at runtime via tool-use protocols, causing incorrect conclusions through correct reasoning. Unlike prompt injection, Oracle Poisoning manipulates the data agents reason ove...
CVE-2026-42181
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...
CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...
CVE-2026-42181
Lemmy prior to 0.19.18 is vulnerable to SSRF through post link metadata: the system validates the top-level URL against internal ranges, but the og:image URL extracted from the page is not subjected to the same restriction. An authenticated low-privileged user can post a page whose og:image point...
CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...
EUVD-2026-28820
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...
CVE-2026-42181
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...
EUVD-2026-28808
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...
org.apache.nifi:nifi-other-graph-services-nar (>=2.0.0 <=2.8.0) potentially affected by CVE-2026-39816 via org.apache.nifi:nifi-other-graph-services (>=2.0.0-M1 <=2.8.0)
org.apache.nifi:nifi-other-graph-services MAVEN version =2.0.0-M1, =2.0.0, =2.8.0 Source cves: CVE-2026-39816 Source advisory: SNYK:JAVA-ORGAPACHENIFI-16691310...