208 matches found
CVE-2026-3582 Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
CVE-2026-3582
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
CVE-2025-66944
CVE-2025-66944 describes an SQL injection in the vran-dev databaseir v1.0.7 and earlier. A remote attacker can execute arbitrary code via the query parameter in the search API endpoint. No additional technical details, affected versions beyond those stated, or remediation are provided in the docu...
CVE-2026-23492
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...
GHSA-QVR7-7G55-69XJ Pimcore Has an Incomplete Patch for CVE-2023-30848
Summary An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments -- and catching syntax errors, the fix is insufficient. Attackers can still...
Pimcore Has an Incomplete Patch for CVE-2023-30848
Summary An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments -- and catching syntax errors, the fix is insufficient. Attackers can still...
CVE-2025-15392
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...
CVE-2025-15392
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...
CVE-2025-15392 Kohana KodiCMS Search API Endpoint page.php like sql injection
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...
KodiCMS SQL注入漏洞
KodiCMS is a content management system from Kohana KodiCMS open source. A SQL injection vulnerability exists in KodiCMS 13.82.135 and earlier versions, which originates from the incorrect operation of the like function on the parameter keyword in the Search API Endpoint component file...
PT-2025-54416
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...
EUVD-2019-4041
Malware in sbrugna...
EUVD-2013-0261
Malware in sbrugna...
EUVD-2015-6689
Malware in sbrugna...
EUVD-2021-0610
Malware in sbrugna...
EUVD-2019-9240
Malware in sbrugna...
EUVD-2012-5439
Malware in sbrugna...
EUVD-2013-0219
Malware in sbrugna...
EUVD-2012-2692
Malware in sbrugna...
EUVD-2013-2654
Malware in sbrugna...