
7 matches found

Nuclei
added 20 hours ago, 23 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

CVSS 8.8, AI score 6, EPSS 0.04817
Exploits 1, References 2
AlpineLinux
added 2026/05/14 1:00 p.m., 8 views

CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

CVSS 8.8, AI score 6.4, EPSS 0.00041
Exploits 0
OSV
added 2026/04/22 8:09 p.m., 3 views

GHSA-4948-F92Q-F432 @nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading

Summary The queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using parameterized queries. The nodeIds array contains primary key values read from database rows. An attacker who can create a record with a...

CVSS 7.5, AI score 5.9, EPSS 0.04817
Exploits 1, References 6
Positive Technologies
added 2026/04/22 12:00 a.m., 1 view

PT-2026-34609

Name of the Vulnerable Software and Affected Versions: @nocobase/database versions prior to 2.0.39. Description: An issue exists in the queryParentSQL function within the core database package where a recursive CTE query is constructed by joining nodeIds using string concatenation instead of...

CVSS 8.8, AI score 6.1, EPSS 0.04817
Exploits 1, References 13
Positive Technologies
added 2026/02/26 12:00 a.m., 3 views

PT-2026-22205

Name of the Vulnerable Software and Affected Versions: wger versions prior to 2.4. Description: wger is a free, open-source workout and fitness manager. An issue exists where three nutritional values action endpoints bypass user-scoped querysets via a raw ORM call, specifically Model.objects.get(pk=p...

CVSS 4.3, AI score 6, EPSS 0.0004
Exploits 1, References 7
CVE
added 2025/11/20 12:52 p.m., 15 views

CVE-2025-41076

LimeSurvey 6.13.0 is affected by an information-exposure issue triggered by malformed session cookies, causing HTTP 500 errors that leak internal backend details. The reports consistently specify exposure of backend stack elements such as the Yii framework, the MySQL/MariaDB engine, table name li...

CVSS 6.9, AI score 6.3, EPSS 0.00041
Exploits 0, References 1, Affected Software 1
HackRead
added 2021/08/27 8:54 p.m., 33 views

Whitehat hackers accessed primary keys of Azure’s Cosmos DB customers

By Saad Rajpoot. The vulnerability existed in Microsoft Azure’s flagship database service Cosmos DB for approximately two years. This is a post from HackRead.com. Read the original post: Whitehat hackers accessed primary keys of Azure’s Cosmos DB customers...

AI score 2.7
Exploits 0