Lucene search
+L

67 matches found

Cvelist
Cvelist
added 1 hour ago7 views

CVE-2026-63309 SurrealDB < 3.1.5 Information Disclosure via ORDER BY

SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records...

5.3CVSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44603

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

8.1CVSS6.1AI score0.00696EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 5:11 p.m.34 views

CVE-2026-45722 Nextcloud: Tables app allows limited SQLi in ORDER BY with malicious sort order argument for Table Views

Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the tables app to perform a limited SQL injection in the ORDER BY statement of a query. Compared to...

7.1CVSS0.00301EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.13 views

PT-2026-35953

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort asc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly a...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.7 views

CVE-2026-2279

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 7:1 p.m.10 views

WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability

Authenticated Administrator+ SQL Injection via 'sortby' and 'sortorder' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin myLinksDump versions = 1.6...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/21 4:16 a.m.5 views

CVE-2026-2279

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.2CVSS0.00354EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.2 views

CVE-2026-2279

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References6
CVE
CVE
added 2026/03/21 3:26 a.m.11 views

CVE-2026-2279

The CVE concerns the WordPress plugin myLinksDump (WordPress plugin; vulnerable component: SQL construction in myLinksDump.php). Affected versions: all versions up to and including 1.6. Root cause: insufficient escaping of user-supplied parameters and lack of proper preparation of the existing SQ...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.6 views

CVE-2026-2279 myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.7 views

PT-2026-26830

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort by' and 'sort order' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References6
Veracode
Veracode
added 2026/03/20 4:50 a.m.4 views

Information Disclosure

code.gitea.io/gitea is vulnerable to information disclosure. The vulnerability is due to improper exposure of user metadata through sortable fields such as last login time, which allows an attacker to infer users' login activity by manipulating the explore/users sort order...

5.3CVSS7.2AI score0.00328EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2025/12/30 1:49 a.m.8 views

GO-2025-4266 Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

Gitea inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order in code.gitea.io/gitea...

5.3CVSS6.9AI score0.00328EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/26 5:54 p.m.6 views

CVE-2025-68943

A flaw was found in Gitea. This vulnerability allows for the inadvertent disclosure of users' login times. A remote attacker can exploit this by utilizing the lastlogintime explore/users sort order, leading to the exposure of sensitive user activity information. Mitigation Mitigation for this iss...

5.3CVSS5.9AI score0.00328EPSS
Exploits0References6
Snyk
Snyk
added 2025/12/26 6:30 a.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2025/12/26 4:15 a.m.8 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS0.00328EPSS
Exploits0References3
OSV
OSV
added 2025/12/26 3:19 a.m.4 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.9AI score0.00328EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/12/26 12:0 a.m.4 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS7.1AI score0.00328EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-1967

Malware in sbrugna...

2.6CVSS6.4AI score0.01335EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-29190

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00323EPSS
Exploits0References1
Rows per page
Query Builder