Lucene search
K

4 matches found

CVE
CVE
added yesterday7 views

CVE-2026-53448

Coturn’s CVE-2026-53448 concerns the HTTPS admin panel, where prior to 4.12.0 HTTP query parameters were interpolated into SQL queries without sanitization. The is_secure_string filter guarding the STUN path is not applied to admin panel operations delete-user, delete-secret, and delete-IP, allow...

7.2CVSS6.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.2 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References1
NVD
NVD
added 2026/04/03 11:17 p.m.5 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS0.00656EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/03 10:39 p.m.2 views

CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References3
Rows per page
Query Builder