216682 matches found

OSV
added 2026/03/26 8:32 p.m., 4 views

CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils

MobSF is a mobile application security testing tool. Prior to version 4.4.6, MobSF's read_sqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst...

CVSS 5.3, AI score 5.9, EPSS 0.00276
Exploits 1, References 5
RedHat Linux
added 2026/03/26 8:30 p.m., 8 views

Django: Django: SQL Injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

CVSS 8.3, AI score 7.6, EPSS 0.00754
Exploits 0, References 7
RedHat Linux
added 2026/03/26 7:47 p.m., 11 views

Important: Red Hat Security Advisory: Satellite 6.18.4 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 10, AI score 6.7, EPSS 0.01945
Exploits 3, References 16
RedHat Linux
added 2026/03/26 7:47 p.m., 7 views

rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

CVSS 5.4, AI score 5.9, EPSS 0.00262
Exploits 0, References 4
NVD
added 2026/03/26 7:17 p.m., 4 views

CVE-2026-33505

Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

CVSS 7.2, EPSS 0.00229
Exploits 0, References 1
NVD
added 2026/03/26 7:17 p.m., 3 views

CVE-2026-30463

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...

CVSS 7.7, EPSS 0.00373
Exploits 1, References 3
Cvelist
added 2026/03/26 6:37 p.m., 21 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

CVSS 7.2, EPSS 0.00229
Exploits 0, References 1
CVE
added 2026/03/26 6:37 p.m., 25 views

CVE-2026-33505

Ory Keto (GetRelationships API) is vulnerable to SQL injection before version 26.2.0 due to flaws in pagination. Pagination tokens are encrypted with secrets.pagination; if an attacker knows this secret, they can forge tokens that inject SQL. If secrets.pagination is not set, a public default sec...

CVSS 7.2, AI score 6.2, EPSS 0.00229
Exploits 0, References 1, Affected Software 1
EUVD
added 2026/03/26 6:37 p.m., 9 views

EUVD-2026-13916

Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

CVSS 9.3, AI score 6.2, EPSS 0.00442
Exploits 3, References 13
ATTACKERKB
added 2026/03/26 6:37 p.m., 4 views

CVE-2026-33505

Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

CVSS 7.2, AI score 6.2, EPSS 0.00229
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/03/26 6:37 p.m., 5 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

CVSS 7.2, AI score 6.2, EPSS 0.00229
Exploits 0, References 1
OSV
added 2026/03/26 6:37 p.m., 6 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

CVSS 7.2, AI score 6.2, EPSS 0.00229
Exploits 0, References 3
NVD
added 2026/03/26 6:16 p.m., 3 views

CVE-2026-33504

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

CVSS 7.2, EPSS 0.00349
Exploits 0, References 1
NVD
added 2026/03/26 6:16 p.m., 5 views

CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

CVSS 7.2, EPSS 0.00252
Exploits 0, References 1
OSV
added 2026/03/26 6:12 p.m., 3 views

GHSA-FJ74-QXJ7-R3VC AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query

Summary: In objects/like.php, the getLike method constructs a SQL query using a prepared statement placeholder (?) for users_id but directly concatenates $this->videos_id into the query string without parameterization. An attacker who can control the videos_id value via a crafted request can inject...

CVSS 7.1, AI score 6, EPSS 0.00509
Exploits 1, References 4
Snyk
added 2026/03/26 6:12 p.m., 6 views

SQL Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection in the getLike function in objects/like.php when user-supplied input for videos_id is directly concatenated into a SQL query without proper...

CVSS 8.8, AI score 6, EPSS 0.00509
Exploits 1, References 2
Github Security Blog
added 2026/03/26 6:12 p.m., 7 views

AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query

Summary: In objects/like.php, the getLike method constructs a SQL query using a prepared statement placeholder (?) for users_id but directly concatenates $this->videos_id into the query string without parameterization. An attacker who can control the videos_id value via a crafted request can inject...

CVSS 8.8, AI score 6, EPSS 0.00509
Exploits 1, References 4, Affected Software 1
Cvelist
added 2026/03/26 5:38 p.m., 23 views

CVE-2026-33504 Ory Hydra has a SQL injection via forged pagination tokens

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

CVSS 7.2, EPSS 0.00349
Exploits 0, References 1
CVE
added 2026/03/26 5:38 p.m., 28 views

CVE-2026-33504

Ory Hydra (OAuth 2.0 Server / OpenID Connect provider) contains a SQL injection flaw in admin APIs listed as listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers, prior to version 26.2.0. The issue arises from pagination token handling: tokens are signed/encrypted us...

CVSS 7.2, AI score 6.2, EPSS 0.00349
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/03/26 5:38 p.m., 0 views

CVE-2026-33504 Ory Hydra has a SQL injection via forged pagination tokens

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

CVSS 7.2, AI score 6.2, EPSS 0.00349
Exploits 0, References 1