32 matches found
Alerta < 8.1.0 - Authentication Bypass
Alerta prior to version 8.1.0 is prone to authentication bypass when using LDAP as an authorization provider and the LDAP server accepts Unauthenticated Bind requests. id: CVE-2020-26214 info: name: Alerta 8.1.0 - Authentication Bypass author: CasperGN,daffainfo severity: critical description:...
SQL Injection
alerta-server is vulnerable to SQL Injection. The vulnerability is due to direct interpolation of user-supplied query parameters into SQL statements without sanitization, which allows an attacker to inject and execute arbitrary SQL queries...
GHSA-8PRR-286P-4W7J alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Impact The Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. Patches Fixed in v9.1.0. The Postgres query parser now uses parameterized queries wit...
SQL Injection
Overview alerta-server is an Alerta server WSGI application Affected versions of this package are vulnerable to SQL Injection in the q parameter of the query string API due to direct interpolation of user-supplied input into SQL statements using f-strings. An attacker can execute arbitrary SQL...
alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Impact The Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. Patches Fixed in v9.1.0. The Postgres query parser now uses parameterized queries wit...
CVE-2026-34400
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
CVE-2026-34400
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
CVE-2026-34400
CVE-2026-34400 affects Alerta (alerta-server) prior to version 9.1.0. The vulnerability is in the Query string search API (q=) where user-supplied search terms were interpolated into SQL strings via f-strings in the PostgreSQL query parser, enabling SQL injection in WHERE clauses. The issue has b...
EUVD-2026-17664
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
PT-2026-29356
Name of the Vulnerable Software and Affected Versions Alerta versions prior to 9.1.0 Description Alerta, a monitoring tool, had a SQL injection issue in the Query string search API. The vulnerability stemmed from directly interpolating user-supplied search terms into SQL strings via f-strings whe...
Alerta SQL注入漏洞
Alerta is a Python-based monitoring system developed by individual developers. Versions prior to Alerta 9.1.0 contained a SQL injection vulnerability. This vulnerability stems from the Query String Search API directly inserting user-provided search terms into the SQL string, which could lead to S...
CVE-2026-26828
creationtimestamp| type| source ---|---|--- 2026-03-23 16:16:47+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-26828...
CVE-2026-4083
creationtimestamp| type| source ---|---|--- 2026-03-20 23:16:29+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4083...
CVE-2026-3350
creationtimestamp| type| source ---|---|--- 2026-03-20 23:16:27+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3350...
CVE-2026-31968
creationtimestamp| type| source ---|---|--- 2026-03-18 19:16:21+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-31968 2026-03-19 21:58:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgypxws6x2h...
CVE-2026-3708
creationtimestamp| type| source ---|---|--- 2026-03-08 04:16:32+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3708...
CVE-2020-26214
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for...