CVE-2026-6994 Envoy Query Parameter header_mutation.cc params.add injection

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

EUVD-2026-25670

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

Envoy Proxy 注入漏洞

Envoy Proxy is an open-source cloud-native high-performance edge/intermediate/service proxy. Versions of Envoy Proxy prior to 1.33.0 have a injection vulnerability, which stems from a function in the Query Parameter Handler component’s file...

PT-2026-35167

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header mutation/header mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patc...

PT-2026-34239

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the DataTable widget when a query parameter is rendered without proper output escaping. An attacker can execute arbitrary scripts in the context of the user's browser by tricking a user into visiting a craft...

CVE-2026-27937

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...

CVE-2026-27937

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...

PT-2026-34004

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...

CVE-2026-32135

NanoMQ (MQTT broker) is affected in versions prior to 0.24.11 by a remotely triggerable heap buffer overflow in the uri_param_parse function of the REST API due to an off-by-one error when allocating memory for query parameter keys/values. An attacker can trigger this via a crafted HTTP request, ...

Missing Authentication for Critical Function

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the authenticated middleware, which uses unanchored regular expressions to match public endpoint...

GHSA-XHQ9-58FW-859P ApostropheCMS: publicApiProjection Bypass via project Query Builder in Piece-Type REST API

Summary The getRestQuery method in the @apostrophecms/piece-type module checks whether a MongoDB projection has already been set before applying the admin-configured publicApiProjection. An unauthenticated attacker can supply a project query parameter in the REST API request to pre-populate the...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper allocation of resources in net/url [CVE-2025-61726]

Summary IBM Watson Speech Services Cartridge is vulnerable to improper allocation of resources due to a failure of the net/url package to set a limit on the number of query parameters in a queryCVE-2025-61726. Net/url is used in our speech utilities. This vulnerabilitiy has been addressed. Please...

VulnCheck KEV: CVE-2024-57046

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication...

GHSA-J56C-WPQM-H24X Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg6c-q2hx-69h7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows...

CVE-2026-35618

OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized...

CVE-2026-35618

OpenClaw OpenClaw package (Plivo V2 verification) vulnerability CVE-2026-35618 affects OpenClaw before 2026.3.23. The replay protection uses a replay key derived from the full verification URL, including query strings, instead of the base canonical URL. This allows an attacker to mint new verifie...

CVE-2026-27949 Plane Exposes User Email (PII and part of credential) in GET Parameter

Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling e.g., when an invalid magic code is submitted. Transmitting personally...

CVE-2026-34969 Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer headers,...

CVE-2026-33403 Pi-hole has a Reflected XSS / HTML injection in taillog.js

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, a reflected DOM-based XSS vulnerability in taillog.js allows an unauthenticated attacker to inject arbitrary HTML into the Pi-hole admin interface...