Lucene search
K

163 matches found

NVD
NVD
added 3 days ago9 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS0.00276EPSS
Exploits0References4
CVE
CVE
added 3 days ago11 views

CVE-2026-40523

CVE-2026-40523 affects FrontAccounting

8.1CVSS6.1AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS0.00276EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-40079

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS6AI score0.00276EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.8 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.4AI score0.00295EPSS
Exploits1References1
NVD
NVD
added 2026/05/20 10:16 p.m.20 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS0.00295EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:36 p.m.16 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/20 9:36 p.m.10 views

EUVD-2026-31199

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42269

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/12 6:24 p.m.16 views

Security Bulletin: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)

Summary IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 7:49 p.m.6 views

Security Bulletin: IBM SPSS Analytic Server is affected by a TLS hostname verification vulnerability in Apache Log4j Core (CVE-2025-68161)

Summary IBM SPSS Analytic Server is affected by a TLS hostname verification vulnerability in Apache Log4j Core CVE-2025-68161. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9...

6.3CVSS6AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/22 4:51 p.m.3 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-29371, CVE-2025-14923)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-29371, CVE-2025-14923. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can...

9.8CVSS5.7AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 6:30 a.m.6 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2025-14914, CVE-2025-12635)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14914, CVE-2025-12635. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty...

7.6CVSS5.8AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/18 3:48 p.m.10 views

Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)

Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

6.5CVSS6.5AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/16 12:33 p.m.14 views

Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)

Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...

9.8CVSS5.5AI score0.79807EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 9:3 a.m.14 views

Security Bulletin: IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika (CVE-2025-54988)

Summary IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika CVE-2025-54988. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika...

9.8CVSS5.8AI score0.02962EPSS
Exploits4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.7 views

CVE-2021-22180

An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages...

4.3CVSS6.4AI score0.00864EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 3:46 a.m.6 views

Security Bulletin: IBM SPSS Analytic Server is affected by weaker than expected security due to crypto.js in IBM WebSphere Application Server Liberty (CVE-2020-36732)

Summary IBM SPSS Analytic Server is affected by weaker than expected security due to crypto.js in IBM WebSphere Application Server Liberty. CVE-2020-36732. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2....

5.3CVSS6.5AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 1:15 p.m.5 views

Security Bulletin: IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924).

Summary IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang CVE-2025-48924. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache...

5.3CVSS6.7AI score0.02164EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/14 7:4 a.m.6 views

CVE-2025-10738

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

9.8CVSS6.8AI score0.00354EPSS
Exploits0References1
Rows per page
Query Builder