21 matches found
com.axelor:axelor-core (>=8.0.0 <=8.1.1), com.axelor:axelor-web (>=8.0.0 <=8.1.1) potentially affected by CVE-2026-40458 +1 more via org.pac4j:pac4j-ldap (>=6.2.2 <=6.3.1)
org.pac4j:pac4j-ldap MAVEN version =6.2.2, =8.0.0, =8.0.0, =8.1.1 Source cves: CVE-2026-40458, CVE-2026-40459 Source advisory: SNYK:JAVA-ORGPAC4J-16109662...
ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5), ca.ibodrov.mica.docker:mica-standalone (>=0.0.27 <=0.0.34) +272 more potentially affected by CVE-2026-23901 via org.apache.shiro:shiro-core (>=2.0.0-alpha-1 <=2.0.6)
org.apache.shiro:shiro-core MAVEN version =2.0.0-alpha-1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =6.0.0, =8.0.0, =8.0.0, =2.2.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-23901 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-15253618...
ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5), ca.ibodrov.mica.docker:mica-standalone (>=0.0.27 <=0.0.34) +272 more potentially affected by CVE-2026-23903 via org.apache.shiro:shiro-core (>=2.0.0-alpha-1 <=2.0.6)
org.apache.shiro:shiro-core MAVEN version =2.0.0-alpha-1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =6.0.0, =8.0.0, =8.0.0, =2.2.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-23903 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-15253617...
ch.reportingsoft.birt:birt-runtime-bundle (>=4.19.0 <=4.20.0), cloud.wondrify:coffee-asset-pipeline (>=5.0.10 <=5.1.0-M4) +163 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (=1.8.0)
org.mozilla:rhino MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mozilla:rhino and may be impacted: - ch.reportingsoft.birt:birt-runtime-bundle =4.19.0, =5.0.10, =5.0.10, =5.0.10, =10.2.1, =8.0.0, =8.0.0, =5.0.6, =5.0.6, =5.0....
EUVD-2025-23541
Malicious code in bioql PyPI...
EUVD-2022-29881
Malicious code in bioql PyPI...
CVE-2025-50341
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation...
CVE-2025-50341
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation...
PT-2025-31861 · Axelor · Axelor
Name of the Vulnerable Software and Affected Versions: Axelor version 5.2.4 Description: A Boolean-based SQL injection issue exists in Axelor version 5.2.4 through the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data...
CVE-2025-50341
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation...
CVE-2025-50341
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation...
CVE-2025-50341
CVE-2025-50341 affects Axelor 5.2.4, with a Boolean-based SQL injection via the _domain parameter that can alter query logic and lead to data exposure or further exploitation. The vulnerability is documented across multiple feeds and is rated high (CVSS v3.1 base score 9.8, CRITICAL impact to con...
Axelor security vulnerability
Axelor is a modular development framework from the French company Axelor. A security vulnerability exists in Axelor version 5.2.4, which stems from a Boolean SQL injection in the domain parameter and could lead to a data leak...
CVE-2022-25138
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter...
CVE-2022-25138
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter...
CVE-2022-25138
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter...
CVE-2022-25138
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter...
Cross site scripting
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter...
CVE-2022-25138
Axelor Open Suite v5.0 is affected by a stored XSS via the Name parameter. The provided documents describe the vulnerability but do not include detailed exploit steps or a confirmed remediation/fix. No further technical specifics (e.g., affected modules, patches, or workaround) are provided.
CVE-2022-25138
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter...