Lucene search
K

2762 matches found

Vulnrichment
Vulnrichment
added 2026/04/16 5:52 p.m.9 views

CVE-2026-33083 DataEase has SQL Injection in Order By Clause

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/16 5:52 p.m.26 views

CVE-2026-33083 DataEase has SQL Injection in Order By Clause

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.7CVSS0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/16 5:39 p.m.5 views

CVE-2026-33082 DataEase: SQL Injection in v2 Dataset Export

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

8.7CVSS6AI score0.00325EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 5:39 p.m.6 views

CVE-2026-33082

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

8.7CVSS6AI score0.00325EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/16 5:39 p.m.15 views

CVE-2026-33082

DataEase (open source data visualization tool) has a SQL injection vulnerability in the dataset export feature for versions 2.10.20 and earlier. The issue arises in the POST /de2api/datasetTree/exportDataset flow where expressionTree is deserialized into a filtering object and fed to WhereTree2St...

9.8CVSS6AI score0.00325EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 a.m.4 views

CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

7.2CVSS6AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.4 views

PT-2026-33351

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

8.7CVSS6AI score0.00325EPSS
Exploits1References4
NVD
NVD
added 2026/04/15 7:16 p.m.8 views

CVE-2026-33667

OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirmotp action of the twofactorauthentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing bruteforceblockafterfailedlogins setting...

7.4CVSS0.00296EPSS
Exploits1References1
NVD
NVD
added 2026/04/14 9:16 p.m.3 views

CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

7.2CVSS0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 9:0 p.m.3 views

EUVD-2026-22708

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

8.8CVSS6AI score0.00276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:0 p.m.4 views

CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

8.8CVSS6AI score0.00276EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/14 9:0 p.m.18 views

CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

7.1CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 9:0 p.m.16 views

CVE-2026-33714

Chamilo LMS versions 2.0.0-RC.2 are affected by a SQL injection in the statistics AJAX endpoint (public/main/inc/ajax/statistics.ajax.php) where unsanitized parameters date_start and date_end in the users_active action interpolate into SQL. This follows an incomplete fix for CVE-2026-30881, which...

7.2CVSS6AI score0.00258EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/14 6:30 p.m.7 views

EUVD-2025-209446

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...

9.8CVSS5.9AI score0.00285EPSS
Exploits1References3
NVD
NVD
added 2026/04/14 4:16 p.m.3 views

CVE-2025-65135

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...

9.8CVSS0.00285EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.4 views

CVE-2025-65135

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...

9.8CVSS5.9AI score0.00285EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.28 views

CVE-2025-65135

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...

9.8CVSS0.00285EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

school-management-system 安全漏洞

School-management-system is a school management system developed by Shubham kumar, an individual developer. This system is designed for schools or small institutions. Version 1.0 of School-management-system has a security vulnerability. This vulnerability stems from improper handling of the...

9.8CVSS5.8AI score0.00285EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32659

CVE-2025-65135 In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fr… https://t.co/otOrMUqUKm...

9.8CVSS5.8AI score0.00285EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32914

CVE-2026-33714 Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an inc… https://t.co/Zf7eLCVgfW...

7.1CVSS5.9AI score0.00258EPSS
Exploits0References4
Rows per page
Query Builder