
5 matches found

CVE
added 2026/03/31 9:0 p.m., 11 views

CVE-2026-34400

Alerta (monitoring tool) prior to 9.1.0 is affected by a SQL injection in the Query string search API (q=) due to interpolating user input into SQL via f-strings. The issue can impact query construction in PostgreSQL, and has been patched in version 9.1.0. Public references across multiple feeds ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00505
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2026/03/31 9:0 p.m., 21 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 6.9 | EPSS 0.00505
Exploits: 0 | References: 6
Positive Technologies
added 2026/03/23 12:0 a.m., 9 views

PT-2026-27167

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly, e.g., via view/url2Embed.json.php, so any user can recover...

CVSS 7.5 | AI score 5.7 | EPSS 0.00234
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:37 a.m., 3 views

SUSE CVE-2021-42860

A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...

CVSS 7.5 | AI score 7.3 | EPSS 0.0097
Exploits: 1 | References: 3
CNVD
added 2017/05/23 12:0 a.m., 2 views

MantisBT Cross-Site Request Forgery Vulnerability

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services through a Web interface. A cross-site request forgery vulnerability exists in MantisBT versions prior to 2.4.1, which stems from a missing...

CVSS 6.5 | AI score 6.6 | EPSS 0.01359
Exploits: 5 | References: 1