2762 matches found
CVE-2026-33083 DataEase has SQL Injection in Order By Clause
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...
CVE-2026-33083 DataEase has SQL Injection in Order By Clause
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...
CVE-2026-33082 DataEase: SQL Injection in v2 Dataset Export
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...
CVE-2026-33082
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...
CVE-2026-33082
DataEase (open source data visualization tool) has a SQL injection vulnerability in the dataset export feature for versions 2.10.20 and earlier. The issue arises in the POST /de2api/datasetTree/exportDataset flow where expressionTree is deserialized into a filtering object and fed to WhereTree2St...
CVE-2026-33714
Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...
PT-2026-33351
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...
CVE-2026-33667
OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirmotp action of the twofactorauthentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing bruteforceblockafterfailedlogins setting...
CVE-2026-33714
Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...
EUVD-2026-22708
Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...
CVE-2026-33714
Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...
CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)
Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...
CVE-2026-33714
Chamilo LMS versions 2.0.0-RC.2 are affected by a SQL injection in the statistics AJAX endpoint (public/main/inc/ajax/statistics.ajax.php) where unsanitized parameters date_start and date_end in the users_active action interpolate into SQL. This follows an incomplete fix for CVE-2026-30881, which...
EUVD-2025-209446
In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...
CVE-2025-65135
In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...
CVE-2025-65135
In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...
CVE-2025-65135
In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...
school-management-system 安全漏洞
School-management-system is a school management system developed by Shubham kumar, an individual developer. This system is designed for schools or small institutions. Version 1.0 of School-management-system has a security vulnerability. This vulnerability stems from improper handling of the...
PT-2026-32659
CVE-2025-65135 In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fr… https://t.co/otOrMUqUKm...
PT-2026-32914
CVE-2026-33714 Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an inc… https://t.co/Zf7eLCVgfW...