Lucene search

52300 matches found

SUSE CVE
added 2026/01/17 12:51 a.m. | 5 views

SUSE CVE-2017-18901

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00237
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/16 10:26 p.m. | 4 views

CVE-2023-7334

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind.PriorityLevel,AppCode.ashx?method=GetStoreWarehouseByStore...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00417
Exploits: 1 | References: 1

Snyk
added 2026/01/16 9:4 p.m. | 3 views

SQL Injection

Overview: @veramo/data-store-json is a Veramo data storage based on a JSON tree. Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute arbitrary SQL queri...

CVSS: 8.2 | AI score: 6.3
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/16 4:20 p.m. | 3 views

CVE-2021-47763

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVSS: 8.8 | AI score: 8 | EPSS: 0.0002
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/16 2:23 p.m. | 2 views

CVE-2025-13062

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00191
Exploits: 0 | References: 1

Veracode
added 2026/01/16 1:21 p.m. | 5 views

Type Confusion

Preact is vulnerable to Type Confusion. The vulnerability is due to weakened JSON serialization protections that allow specially crafted JSON objects to be treated as valid Virtual DOM nodes, which allows an attacker to inject malicious HTML or scripts when untrusted data is rendered without prop...

CVSS: 9.2 | AI score: 5.5 | EPSS: 0.00057
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/16 10:12 a.m. | 23 views

CVE-2025-59870 Improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk

HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk...

CVSS: 7.4 | EPSS: 0.00061
Exploits: 0 | References: 1

Patchstack
added 2026/01/16 6:41 a.m. | 5 views

WordPress Supreme Modules Lite plugin <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass vulnerability

Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Supreme Modules Lite versions <= 2.5.62...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00191
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/01/16 12:0 a.m. | 3 views

HCL MyXalytics security vulnerabilities

HCL MyXalytics is an analytical software product developed by the Indian company HCL. It is used for data analysis and related tasks. Version HCL MyXalytics v6.7 contains a security vulnerability. This vulnerability stems from improper management of the static JWT signature key and lack of...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00061
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/16 12:0 a.m. | 2 views

PT-2026-3243

Name of the Vulnerable Software and Affected Versions: HCL MyXalytics version 6.7. Description: The web application does not rotate the JWT signing secret, resulting in improper management of a static secret. This introduces a security risk. Recommendations: Rotate the JWT signing secret in the web...

CVSS: 9.8 | AI score: 5.2 | EPSS: 0.00061
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : rh-postgresql95-postgresql-9.5.14-1.el7 (AXSA:2018-3311:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3311:01 advisory: postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915); postgresql: Missing authorization and memory...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.81248
Exploits: 1 | References: 7

Tenable Nessus
added 2026/01/16 12:0 a.m. | 8 views

MiracleLinux 4 : ruby-1.8.7.352-13.AXS4 (AXSA:2014-036:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-036:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...

CVSS: 6.8 | AI score: 8.2 | EPSS: 0.11958
Exploits: 3 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : postgresql92-postgresql-9.2.14-1.AXS4 (AXSA:2015-566:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-566:02 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll nee...

CVSS: 6.4 | AI score: 7.6 | EPSS: 0.08949
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : rh-postgresql94-postgresql-9.4.5-1.AXS4 (AXSA:2015-867:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-867:02 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll nee...

CVSS: 6.4 | AI score: 7.6 | EPSS: 0.08949
Exploits: 0 | References: 3

OSV
added 2026/01/15 10:16 p.m. | 2 views

CVE-2023-7334

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind.PriorityLevel,AppCode.ashx?method=GetStoreWarehouseByStore...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00417
Exploits: 1 | References: 6

Github Security Blog
added 2026/01/15 6:31 p.m. | 8 views

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVSS: 8.8 | AI score: 8 | EPSS: 0.0002
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/01/15 4:16 p.m. | 4 views

CVE-2021-47763

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVSS: 8.8 | EPSS: 0.0002
Exploits: 0 | References: 3

EUVD
added 2026/01/15 3:52 p.m. | 4 views

EUVD-2026-2770

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.0002
Exploits: 0 | References: 4

Cvelist
added 2026/01/15 3:52 p.m. | 25 views

CVE-2021-47763 Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVSS: 8.8 | EPSS: 0.0002
Exploits: 0 | References: 3

CVE
added 2026/01/15 3:52 p.m. | 12 views

CVE-2021-47763

CVE-2021-47763 affects Aimeos 2021.10 LTS. The vulnerability is a SQL injection in the json API 'sort' parameter, exploitable via crafted GET requests to the /jsonapi/review endpoint, enabling disclosure of table and column names. Multiple connected sources corroborate the issue and reference aff...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.0002
Exploits: 0 | References: 3