8 matches found
CVE-2026-54066
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...
CVE-2026-44204
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...
CVE-2026-44204
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...
CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...
CVE-2026-44204
Shelf is a platform for tracking physical assets. CVE-2026-44204 describes a SQL injection in the sortBy query parameter on the /assets route affecting versions 1.12 up to before 1.20.1. An authenticated user (any role) could execute arbitrary SQL and read data from any table, including data belo...
CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...
EUVD-2026-29728
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...
shelf.nu 输入验证错误漏洞
shelf.nu is an open-source physical asset tracking and management platform developed by Shelf. Versions of shelf.nu from 1.12 to 1.20.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the SQL injection vulnerability in the sortBy query parameter on th...