Lucene search
+L

6 matches found

CVE
CVE
added 5 days ago14 views

CVE-2026-15477

Bahmni bahmnicore (up to 0.93) is affected in the Search Endpoint (file /openmrs/ws/rest/v1/bahmnicore/sql), specifically the function additionalParams. A manipulated argument can lead to SQL injection, with remote exploitation possible and public exploit details. Remediation: upgrade to 0.93.1, ...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS0.00319EPSS
Exploits0References6
OSV
OSV
added 5 days ago4 views

CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

5.3CVSS5.9AI score0.00319EPSS
Exploits0References8
CVE
CVE
added 2024/06/28 8:25 p.m.102 views

CVE-2024-38518

BigBlueButton (BBB) is affected. A valid join link can be manipulated to generate a signed join link with extra parameters (for example role=moderator), allowing an attacker to join a meeting as moderator using a link intended for viewers. This vulnerability is addressed in BBB versions 2.6.18, 2...

4.6CVSS4.6AI score0.00307EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/28 8:25 p.m.27 views

CVE-2024-38518 bbb-web API additional parameters considered

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an...

4.6CVSS6.8AI score0.00307EPSS
Exploits0References4
Hacker One
Hacker One
added 2017/11/24 3:5 p.m.392 views

Ruby on Rails: ActionController::Parameters .each returns an unsafe hash

Rails 5.1.4 The goal of ActionController::Parameters's permit method strong parameters is to prevent accidental trust in the parameters sent by the client. We can therefore not simply create a hash of all the parameters in the params without permitting them first. When we really want to do this...

5CVSS0.4AI score0.04198EPSS
Exploits1
Rows per page
Query Builder