Lucene search
+L

6 matches found

CVE
CVE
added yesterday7 views

CVE-2026-9586

CVE-2026-9586 describes an unauthenticated SQL injection in Sangoma Switchvox SMB Edition 8.3. The vulnerable component is the /pa endpoint, which processes XML beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries, enabling arbitrary SQL execution an...

9.3CVSS6.7AI score
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-45084

OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that constructs PostgreSQL queries by concatenating asset display names into raw SQL. An authenticated attacker with asset creation or rename permissions can inject SQL through...

7.2CVSS6.1AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60810

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS6.6AI score
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-62361

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/01/16 12:16 a.m.5 views

CVE-2021-47782

Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate...

8.2CVSS0.00411EPSS
Exploits0References3
CVE
CVE
added 2026/01/15 11:25 p.m.18 views

CVE-2021-47782

Odine Solutions GateKeeper 1.0 is affected by a SQL injection in the trafficCycle API endpoint (/rass/api/v1/trafficCycle/). The root cause is a database query manipulation in PostgreSQL that could lead to extraction of sensitive information. Mitigation: apply updates to address the SQL injection...

8.2CVSS7.5AI score0.00411EPSS
Exploits0References3
Rows per page
Query Builder