Lucene search
+L

4 matches found

NVD
NVD
added 2026/03/31 10:16 p.m.6 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

9.8CVSS0.00505EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/31 9:0 p.m.27 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

6.9CVSS0.00505EPSS
Exploits0References6
NVD
NVD
added 2026/01/20 2:15 a.m.11 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

4.3CVSS0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.7 views

PT-2023-1243 · Oracle · Oracle Hospitality Reporting/Analytics

Name of the Vulnerable Software and Affected Versions: Oracle Hospitality Reporting and Analytics version 9.1.0 Description: The issue is related to insufficient input validation in the Reporting component of Oracle Hospitality Reporting and Analytics. This easily exploitable vulnerability can be...

8.7CVSS7.2AI score0.00512EPSS
Exploits0References3
Rows per page
Query Builder