138 matches found
CVE-2026-9065
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
CVE-2026-9065
SureCart
CVE-2026-9065
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
EUVD-2026-31072
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
PT-2026-42123
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'model name', 'model id', 'integration id', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
EUVD-2026-27875
Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API...
CVE-2026-26274
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...
CVE-2026-26274
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...
CVE-2026-26274 October: Safe Mode Bypass via Twig Database Write Operations
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...
CVE-2026-26274
The CVE concerns October CMS. A flaw in the Twig sandbox policy allowed backend users with Developer permissions to perform database write operations (insert, update, delete) through the query builder when cms.safe_mode was enabled, bypassing safeguards. This affected versions prior to 3.7.14 and...
CVE-2026-26274 October: Safe Mode Bypass via Twig Database Write Operations
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...
PT-2026-34003
Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.14 October versions prior to 4.1.10 Description A flaw in the Twig sandbox security policy allows database write operations when cms.safe mode is enabled. Backend users with Developer permissions can use Twig...
CVE-2026-4662
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...
EUVD-2026-14743
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...
CVE-2026-4662
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...
PT-2026-27331
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing load more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered query parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass securit...
WordPress plugin JetEngine SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
GHSA-38CW-85XC-XR9X Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...
EUVD-2025-204947
Malicious code in @ownbackup/ob-query-builder npm...
MAL-2025-192706 Malicious code in @ownbackup/ob-query-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e883403626d57ea766a1c9e33634ceb5558b9293ef87e9fb60ffa6d052e2454 The package @ownbackup/ob-query-builder was found to contain malicious code...