6118 matches found

NVD
added 2026/06/23 9:16 p.m. | 7 views

CVE-2026-23513

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

CVSS 7.1 | EPSS 0.00282
Exploits: 0 | References: 2
Cvelist
added 2026/06/23 8:36 p.m. | 27 views

CVE-2026-47375 NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...

CVSS 6 | EPSS 0.00215
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/23 8:11 p.m. | 7 views

CVE-2026-23513

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

CVSS 7.1 | AI score 5.9 | EPSS 0.00282
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/06/23 6:17 p.m. | 5 views

DEBIAN-CVE-2025-61029

An issue in the sqlountry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 1
NVD
added 2026/06/23 5:16 p.m. | 5 views

CVE-2025-61025

An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | EPSS 0.0035
Exploits: 0 | References: 1
NVD
added 2026/06/23 5:16 p.m. | 5 views

CVE-2025-61027

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | EPSS 0.0035
Exploits: 0 | References: 1
OSV
added 2026/06/23 5:16 p.m. | 4 views

DEBIAN-CVE-2025-61020

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.00482
Exploits: 0 | References: 1
NVD
added 2026/06/23 5:16 p.m. | 10 views

CVE-2025-61028

An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | EPSS 0.00482
Exploits: 0 | References: 4
Cvelist
added 2026/06/23 12:0 a.m. | 32 views

CVE-2025-61018

An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

EPSS 0.00482
Exploits: 0 | References: 1
CVE
added 2026/06/23 12:0 a.m. | 6 views

CVE-2025-61028

CVE-2025-61028 affects the virtuoso-opensource product (time_t_to_dt component) in version 7.2.11. A flaw allows an attacker to trigger a Denial of Service by sending crafted SQL statements, potentially making the system unavailable to legitimate users. The Red Hat and OSV Ubuntu entries corrobor...

CVSS 7.5 | AI score 5.9 | EPSS 0.00482
Exploits: 0 | References: 4
Cvelist
added 2026/06/23 12:0 a.m. | 32 views

CVE-2025-61029

An issue in the sqlountry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

EPSS 0.0035
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/23 12:0 a.m. | 6 views

CVE-2025-61028

An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

AI score 5.9 | EPSS 0.00482
Exploits: 0 | References: 1
CVE
added 2026/06/23 12:0 a.m. | 5 views

CVE-2025-61024

CVE-2025-61024 concerns the openlink virtuoso-opensource product, specifically the sqlo_try_in_loop component in version 7.2.11. The issue allows an attacker to trigger a Denial of Service (DoS) by sending crafted SQL statements. The CVSSv3.1 metrics indicate a NETWORK attack vector, low attack c...

CVSS 7.5 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 1
Cvelist
added 2026/06/23 12:0 a.m. | 30 views

CVE-2025-61025

An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

EPSS 0.0035
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/23 12:0 a.m. | 9 views

PT-2026-51637

Name of the Vulnerable Software and Affected Versions: Budibase server versions prior to 3.39.1. Description: An issue exists where the enrichContext function substitutes parameter values into the raw JSON body of a query and then parses the result using JSON.parse. The validateQueryInputs function...

CVSS 10 | AI score 5.9 | EPSS 0.00538
Exploits: 1 | References: 11
Positive Technologies
added 2026/06/23 12:0 a.m. | 6 views

PT-2026-51544

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.11. Description: A flaw in the t set push component allows attackers to trigger a Denial of Service (DoS) by using specially crafted SQL statements. Recommendations: At the moment, there is no information...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 4
Debian CVE
added 2026/06/23 12:0 a.m. | 4 views

CVE-2025-61029

An issue in the sqlountry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0
EUVD
added 2026/06/22 4:43 p.m. | 6 views

EUVD-2024-36468

OpenCTI May Bypass Introspection Restriction...

CVSS 8.2 | AI score 5.8 | EPSS 0.00442
Exploits: 0 | References: 5
NVD
added 2026/06/19 8:16 p.m. | 15 views

CVE-2026-49344

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

CVSS 7.1 | EPSS 0.00281
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/19 7:21 p.m. | 6 views

CVE-2026-49344

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

CVSS 7.1 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 2 | Affected Software: 1