CVE-2022-26112 Pinot query endpoint and the realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support
In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. To avoid this, Groovy function support is disabled by default from Pinot release 0.11.0. See...
PT-2022-22324 · Tabit · Tabit
Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns HTTP Method manipulation, where the endpoint "https://bridge.tabit.cloud/configuration/addresses-query" can be exploited by sending a POST request to add addresses to the...
GTAB Software Tabit Security Vulnerability
GTAB Software Tabit is a full-featured program from GTAB Software for creating, playing, and printing fingerstyle music for guitar, bass, or banjo. GTAB Software Tabit suffers from a security vulnerability that stems from the fact that an attacker can query user data via one of its URL-mapped pag...
SQL Injection
Overview nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to SQL Injection through the item.query.php or view.query.php endpoints. An attacker can manipulate the database and execute unauthorized SQL commands by injecting malicious SQL code into the...
PT-2022-6345 · Casdoor · Casdoor
Name of the Vulnerable Software and Affected Versions: Casdoor versions prior to 1.13.1 Description: The query API in Casdoor has a SQL injection issue related to the field and value parameters. This is demonstrated by the "api/get-organizations" endpoint. The vulnerability may allow a remote...
Atlassian Jira Access Control Error Vulnerability (CNVD-2021-103654)
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...
PYSEC-2021-33
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar...
Couchbase Sync Gateway and Couchbase Server Denial of Service Vulnerabilities
Couchbase Sync Gateway and Couchbase Server are both products of Couchbase Inc. Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web. Couchbase Server is a distributed open-source NoSQL non-relational...
PT-2019-16766 · Labkey · Labkey Server Community Edition
Name of the Vulnerable Software and Affected Versions: LabKey Server Community Edition versions prior to 18.3.0-61806.763 Description: A reflected cross-site scripting issue allows an unauthenticated remote attacker to inject arbitrary JavaScript. This is achieved via the onerror parameter in the...
VulnCheck KEV: CVE-2025-34051
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...