Drupal Core 10.5.5 - Error-Based SQL Injection

Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection Google Dork: N/A Date: 2026-05-31 Exploit Author: cardosource Vendor Homepage: https://www.drupal.org Software Link: https://www.drupal.org/project/drupal Version: Drupal Core 10.5.5 Tested on: Debian Linux Docker, PHP 8.2, Apache,...

Graphiti 安全漏洞

Graphiti is a framework developed by Zep for building temporal context graphs for AI agents. Versions of Graphiti prior to 1.10.2 contained security vulnerabilities. These vulnerabilities stemmed from the JSONAPI writing feature not verifying the relationship names provided by users, which could...

CVE-2026-33286

CVE-2026-33286 (Graphiti) affects Graphiti prior to 1.10.2. The vulnerability arises because Graphiti::Util::ValidationResponse#all_valid? calls model.send(name) using relationship names directly from user-supplied JSONAPI payloads during write operations (create/update/delete) without validating...

GHSA-3M5V-4XP5-GJG2 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...

CVE-2021-47763

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVE-2021-47763

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

EUVD-2026-2770

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVE-2021-47763 Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVE-2025-14184

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-14184

CVE-2025-14184 affects SGAI Space1 NAS N1211DS (firmware up to 1.0.915). The gsaiagent component exposes a vulnerability in the /cgi-bin/JSONAPI handling of RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD that enables command injection. The issue can be triggered remotely; public disclosure of the exploit ...

CVE-2025-14184 SGAI Space1 NAS N1211DS gsaiagent JSONAPI NGNIX_UPLOAD command injection

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...

EUVD-2025-201592

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

CVE-2025-14183

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

PT-2025-49395

Name of the Vulnerable Software and Affected Versions SGAI Space1 NAS N1211DS versions through 1.0.915 Description A command injection issue exists in the gsaiagent component. The RENAME FILE/OPERATE FILE/NGNIX UPLOAD function within the /cgi-bin/JSONAPI file is susceptible to manipulation, leadi...

[SECURITY] Fedora 43 Update: gopass-jsonapi-1.16.0-1.fc43

Gopass Browser Bindings...

Fedora 43 : gopass-jsonapi (2025-d4a04dda81)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d4a04dda81 advisory. Update to 1.6.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...

Fedora: Security Advisory for gopass-jsonapi (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: gopass-jsonapi-1.11.1-2.20220511git5dc831e.fc36

Gopass Browser Bindings...