Lucene search
K

19 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-52093

🚨 CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOn...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/18 7:54 a.m.62 views

NoSQL Injection

Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting e.g., ^\Q?0\E$ and manipulate...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/17 10:16 p.m.6 views

CVE-2026-40352

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privilege...

8.8CVSS0.0038EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1CVSS0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-3023

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

8.8CVSS0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 10:12 a.m.12 views

CVE-2026-3023

CVE-2026-3023 affects the Wakyma web application, specifically the endpoint VetS.wakyma.com/pets/print-tags. The issue is a NoSQL injection (NoSQLi) in a POST request that authenticated users can abuse to inject NoSQL commands, enabling listing of pets and owner names. Multiple connected entries ...

8.8CVSS5.9AI score0.00329EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/16 10:11 a.m.16 views

CVE-2026-3022

The CVE-2026-3022 entry concerns the Wakyma web application. A NoSQL injection (NoSQLi) vulnerability exists in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary, where an authenticated user can modify a POST request to inject NoSQL commands and potentially access cust...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/16 10:11 a.m.4 views

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 10:11 a.m.29 views

CVE-2026-3021 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Wakyma 安全漏洞

Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/pets/print-tags. This vulnerability could allow authenticated users to list pets and...

8.8CVSS5.8AI score0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.7 views

PT-2026-25670

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.9 views

Wakyma 安全漏洞

Wakyma is a pet management app developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary. This vulnerability could allow authenticated...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Wakyma 安全漏洞

Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/centro/equipo/empleado. This vulnerability could allow authenticated users to enumerate...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 2:47 p.m.3 views

BIT-PARSE-2026-30941 Parse Server has a NoSQL injection via token type in password reset and email verification endpoints

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email verification...

8.7CVSS5.8AI score0.00455EPSS
Exploits0References4
OSV
OSV
added 2026/02/09 9:5 p.m.9 views

CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...

9.3CVSS5.5AI score0.00337EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/02/06 6:59 p.m.189 views

Bugbounty-Scanner-Suite

Bugbounty Scanner Suite Herramienta todo-en-uno para automati...

5.5AI score
Exploits0
OSV
OSV
added 2024/10/29 10:15 p.m.3 views

CVE-2024-48573

A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature...

9.8CVSS5.8AI score0.01EPSS
Exploits2References1
CNNVD
CNNVD
added 2020/12/29 12:0 a.m.6 views

Agentejo Cockpit SQL注入漏洞

Agentejo Cockpit is a self-hosted "headless" and api driven lightweight, open source content management system. A NoSQL injection vulnerability exists in Agentejo Cockpit prior to version 0.11.2. The vulnerability can be exploited to conduct NoSQL injection attacks via the Controller/Auth.php che...

9.8CVSS5.8AI score0.93201EPSS
Exploits10References8
Rows per page
Query Builder