3 matches found
CVE-2026-57230
OpenReplay (self-hosted session replay) prior to 1.27.0 is affected by an authenticated SQL injection in the session search and analytics API for enterprise editions with multi-tenancy enabled. The vulnerability arises from building ClickHouse queries by inserting user input into the query string...
CVE-2026-27832 Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection SQLi vulnerability, exploitable through the advancedQueryData parameter comparator field on an authenticated endpoint. The endpoint...
XML External Entity (XXE) Injection Payload List
An XML External Entity XXE attack sometimes called an XXE injection attack is a type of attack that abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service DoS as well as access local and remote content and services. XXE can be...