Lucene search
K

32 matches found

Veracode
Veracode
added 2026/05/16 5:33 a.m.11 views

SQL Injection

github.com/ory/hydra is vulnerable to SQL Injection. The vulnerability is due to flaws in the pagination token implementation in the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs, which allows an attacker who knows the pagination or system secret to...

7.2CVSS6.7AI score0.00349EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.7 views

SUSE CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS6AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.9 views

SUSE CVE-2026-33504

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

7.2CVSS6.2AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.15 views

SUSE CVE-2026-33505

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33505

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS6AI score0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 7:17 p.m.5 views

CVE-2026-33505

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 6:37 p.m.9 views

EUVD-2026-13916

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

9.3CVSS6.2AI score0.00442EPSS
Exploits3References13
Cvelist
Cvelist
added 2026/03/26 6:37 p.m.24 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 6:37 p.m.5 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 6:37 p.m.10 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References3
NVD
NVD
added 2026/03/26 6:16 p.m.4 views

CVE-2026-33504

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

7.2CVSS0.00349EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 6:16 p.m.6 views

CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS0.00252EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 5:38 p.m.8 views

CVE-2026-33504 Ory Hydra has a SQL injection via forged pagination tokens

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

7.2CVSS6.1AI score0.00349EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 5:38 p.m.40 views

CVE-2026-33504

Ory Hydra (OAuth 2.0 Server / OpenID Connect provider) contains a SQL injection flaw in admin APIs listed as listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers, prior to version 26.2.0. The issue arises from pagination token handling: tokens are signed/encrypted us...

7.2CVSS6.2AI score0.00349EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/26 5:38 p.m.25 views

CVE-2026-33504 Ory Hydra has a SQL injection via forged pagination tokens

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

7.2CVSS0.00349EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/26 5:38 p.m.3 views

CVE-2026-33504

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

7.2CVSS6.6AI score0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 5:32 p.m.23 views

CVE-2026-33503 Ory Kratos has a SQL injection via forged pagination tokens

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 5:32 p.m.27 views

CVE-2026-33503

Ory Kratos (identity system) contains a SQL injection vulnerability in the ListCourierMessages Admin API prior to version 26.2.0 due to flaws in pagination. Pagination tokens are encrypted with the secret configured in secrets.pagination; an attacker who knows this secret can craft tokens that tr...

7.2CVSS5.9AI score0.00252EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 5:32 p.m.5 views

CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS5.9AI score0.00252EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder