Lucene search
K

52 matches found

NVD
NVD
added 2026/03/31 10:16 p.m.6 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

9.8CVSS0.00505EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/31 9:0 p.m.22 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

6.9CVSS0.00505EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:0 p.m.3 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

6.9CVSS5.8AI score0.00505EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/31 9:0 p.m.7 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

6.9CVSS5.8AI score0.00505EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.5 views

CVE-2026-32517

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: from n/a through = 9.1...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.8 views

CVE-2026-25543

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...

6.3CVSS5.2AI score0.00241EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 2:15 a.m.8 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

4.3CVSS0.00104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/19 3:24 p.m.2 views

CVE-2026-22031 Fastify Middie Middleware Path Bypass

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

8.4CVSS5.5AI score0.00457EPSS
Exploits1References4
CVE
CVE
added 2026/01/19 3:24 p.m.16 views

CVE-2026-22031

CVE-2026-22031 affects the Fastify middleware plugin @fastify/middie (prior to 9.1.0). A vulnerability allows bypassing a middleware registered with a path prefix by using URL-encoded paths (e.g., /%61dmin). The middie engine uses path-to-regexp for matching; the regex is applied to the undecoded...

8.8CVSS5.5AI score0.00457EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/11 12:56 p.m.4 views

CVE-2025-13184

Unauthenticated Telnet enablement via cstecgi.cgi auth bypass leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369B20230113 arbitrary command execution. Earlier versions that share the same implementation, may also be affected...

9.8CVSS7.2AI score0.10987EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/10 3:31 p.m.4 views

EUVD-2025-202419

Unauthenticated Telnet enablement via cstecgi.cgi auth bypass leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369B20230113 arbitrary command execution. Earlier versions that share the same implementation, may also be affected...

9.8CVSS6.8AI score0.10987EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.7 views

PT-2025-50325

Unauthenticated Telnet enablement via cstecgi.cgi auth bypass leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369 B20230113 arbitrary command execution. Earlier versions that share the same implementation, may also be affected...

7.3AI score0.10987EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/01 1:18 p.m.5 views

CVE-2025-53939

Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

8.8CVSS6.7AI score0.00644EPSS
Exploits0References1
NVD
NVD
added 2025/11/29 3:15 a.m.4 views

CVE-2025-53896

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

8.1CVSS0.0017EPSS
Exploits0References1
OSV
OSV
added 2025/11/29 2:25 a.m.6 views

CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation

Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

6.3CVSS5.8AI score0.00644EPSS
Exploits0References3
OSV
OSV
added 2025/11/29 2:24 a.m.10 views

CVE-2025-53896 Kiteworks MFT is vulnerable to Insufficient Session Expiration

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

7.1CVSS5.7AI score0.0017EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/29 12:0 a.m.3 views

Kiteworks Mft 代码问题漏洞

Kiteworks Mft is a software for securely managing internal and external data transfers from Kiteworks USA. A code issue vulnerability exists in Kiteworks Mft versions prior to 9.1.0 that stems from an improper session timeout mechanism that could cause a session to remain active...

8.1CVSS6.8AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/01 12:0 a.m.6 views

CVE-2025-61045

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function...

0.01539EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.3 views

WordPress plugin LMS SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

9.3CVSS7.6AI score0.00275EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.7 views

CVE-2024-46626

OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload...

8.8CVSS8.2AI score0.00856EPSS
Exploits1References1
Rows per page
Query Builder