Lucene search

140 matches found

Prion
added 2023/11/03 5:15 a.m. · 23 views

Information disclosure

Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...

CVSS 5 · AI score 7.2 · EPSS 0.00224
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/11/03 12:0 a.m. · 24 views

CVE-2023-45024

Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...

AI score 7.4 · EPSS 0.00224
Exploits 0 · References 2
OSV
added 2023/09/12 9:15 p.m. · 21 views

PYSEC-2023-173

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...

CVSS 5.3 · AI score 7 · EPSS 0.00438
Exploits 0 · References 2
CVE
added 2023/09/12 8:3 p.m. · 64 views

CVE-2023-41885

CVE-2023-41885 affects Piccolo ORM. The BaseUser.login implementation leaks timing information, enabling malicious users to enumerate valid usernames (time-based user enumeration). Affected: versions before 0.121.0; fixed in 0.121.0. Impact is information disclosure and potential follow-on attack...

CVSS 5.3 · AI score 5.2 · EPSS 0.00438
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/09/11 2:43 p.m. · 14 views

GHSA-4CPV-669C-R79X Prevent injection of invalid entity ids for "autocomplete" fields

Impact: Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...

CVSS 6.5 · AI score 6.3 · EPSS 0.01336
Exploits 0 · References 6
Symfony
added 2023/09/11 12:0 a.m. · 9 views

CVE-2023-41336: symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields

Affected Versions: Versions 2.11.1 of the symfony/ux-autocomplete package are affected by this security issue. Description: Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that...

CVSS 6.5 · AI score 6.2 · EPSS 0.01336
Exploits 0
Positive Technologies
added 2023/09/11 12:0 a.m. · 4 views

PT-2023-27912 · Symfony · Symfony/Ux-Autocomplete

Name of the Vulnerable Software and Affected Versions: symfony/ux-autocomplete versions prior to 2.11.2 Description: The issue allows an attacker to submit an entity id for an EntityType that is not part of the valid choices under certain circumstances. This can occur in applications that use a...

CVSS 6.5 · AI score 6.2 · EPSS 0.01336
Exploits 0 · References 12
Snyk
added 2023/06/06 8:20 a.m. · 1 views

Malicious Package

Overview: influx-query-builder is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3
ATTACKERKB
added 2022/10/07 11:15 a.m. · 2 views

CVE-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orhaving function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 7.5 · EPSS 0.00281
Exploits 1 · References 3
ATTACKERKB
added 2022/10/07 11:15 a.m. · 2 views

CVE-2022-40829

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orlike function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 7.5 · EPSS 0.00281
Exploits 1 · References 3
ATTACKERKB
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40833

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwherein function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 7.5 · EPSS 0.00281
Exploits 1 · References 3
OSV
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orhaving function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 2
OSV
added 2022/10/07 11:15 a.m. · 0 views

CVE-2022-40828

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwherenotin function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 2
OSV
added 2022/10/07 11:15 a.m. · 0 views

CVE-2022-40831

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php like function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9 · EPSS 0.00281
Exploits 1 · References 2
OSV
added 2022/10/07 11:15 a.m. · 0 views

CVE-2022-40829

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orlike function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 2
ATTACKERKB
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40835

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 7.5 · EPSS 0.00264
Exploits 1 · References 3
OSV
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40830

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php wherenotin function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 2
OSV
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40832

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php having function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9 · EPSS 0.00281
Exploits 1 · References 2
OSV
added 2022/10/07 11:15 a.m. · 2 views

CVE-2022-40824

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwhere function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 2
OSV
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40825

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php wherein function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVSS 9.8 · AI score 5.9 · EPSS 0.00281
Exploits 1 · References 2