Lucene search
+L

3538 matches found

Nuclei
Nuclei
added 5 hours ago91 views

SuiteCRM Unauthenticated Graphql Introspection

Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. id: CVE-2023-47643 info: name: SuiteCRM Unauthenticated Graphql Introspection author: isacaya severity: medium description: | Graphql Introspection is enabled without...

5.3CVSS5.6AI score0.03002EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added yesterday7 views

AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...

8.6CVSS5.2AI score0.00305EPSS
Exploits0References6Affected Software1
NVD
NVD
added yesterday6 views

CVE-2026-16008

A security vulnerability has been detected in sagold json-schema-library 11.5.0/11.5.1. This impacts the function parsePropertyDependencies of the file src/keywords/propertyDependencies.ts. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can...

6.5CVSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-16008

A security vulnerability has been detected in sagold json-schema-library 11.5.0/11.5.1. This impacts the function parsePropertyDependencies of the file src/keywords/propertyDependencies.ts. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can...

6.5CVSS5AI score
Exploits0References9Affected Software1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-16008 sagold json-schema-library propertyDependencies.ts parsePropertyDependencies prototype pollution

A security vulnerability has been detected in sagold json-schema-library 11.5.0/11.5.1. This impacts the function parsePropertyDependencies of the file src/keywords/propertyDependencies.ts. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can...

6.5CVSS
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60739

A security vulnerability has been detected in sagold json-schema-library 11.5.0/11.5.1. This impacts the function parsePropertyDependencies of the file src/keywords/propertyDependencies.ts. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can...

6.5CVSS5AI score
Exploits0References9
NVD
NVD
added 2 days ago8 views

CVE-2026-63397

remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported...

7.1CVSS0.00254EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45031

remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported...

7.1CVSS6.2AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-63397

CVE-2026-63397 : The NVD/CVE entries describe a vulnerability in remorses/genql prior to version 6.3.4 where an authenticated attacker who can control the GraphQL schema passed to genql can inject arbitrary JavaScript or TypeScript. The injected code is written into the generated schema.ts file a...

7.1CVSS6.2AI score0.00254EPSS
Exploits0References4
ICS
ICS
added 2 days ago5 views

remorses/genql code injection

RISK EVALUATION remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is...

7.1CVSS5.6AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 3 days ago7 views

CVE-2026-55410

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from metadata.json into shell command strings executed with...

6.7CVSS0.0037EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-55410 NocoBase backup restore schema name allows command injection

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from metadata.json into shell command strings executed with...

6.7CVSS0.0037EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-55410 NocoBase backup restore schema name allows command injection

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from metadata.json into shell command strings executed with...

6.7CVSS6.2AI score0.0037EPSS
Exploits0References5
OSV
OSV
added 3 days ago5 views

CVE-2026-45417 DataEase: SQL injection vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvidercheckStatus,...

8.7CVSS6.2AI score0.00227EPSS
Exploits0References5
NVD
NVD
added 3 days ago5 views

CVE-2026-59255

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-59255 BloodHound Missing Authorization on Custom Node Management API

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS0.00246EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-44754

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-59255

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

CVE-2026-59255 BloodHound Missing Authorization on Custom Node Management API

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References7
CVE
CVE
added 3 days ago7 views

CVE-2026-59255

BloodHound (through 9.4.0) contains a missing authorization flaw in the custom-nodes API endpoints that lets any authenticated user modify the global graph schema by calling unprotected POST, PUT, and DELETE operations. The issue affects the custom-nodes management API and can affect all users/te...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References4
Rows per page
Query Builder