CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

CVE-2026-40683

Keystone (OpenStack) LDAP identity backend vulnerability CVE-2026-40683: before 28.0.1, the user_enabled_invert setting is not applied when False, causing non-empty string values like 'FALSE' to be treated as enabled; this permits authentication and actions for users disabled in LDAP. All deploym...

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 28.0.1 had security vulnerabilities. These vulnerabilities stemmed from the fact that the LDAP identity backend did not convert user enablement properties in...

PT-2026-32909

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 28.0.1 Description The LDAP identity backend fails to convert the user enabled attribute to a boolean value when the user enabled invert configuration option is set to False. Specifically, the ldap res to...

YARA-X 1.15.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

EUVD-2019-20132

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

CVE-2019-25699 Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

CVE-2019-25699 Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

CVE-2019-25699

Newsbull Haber Script 1.0.0 is affected by multiple SQL injection vulnerabilities in the search parameter, enabling authenticated attackers to extract database information via time-based, blind, and boolean-based techniques. The issues can be triggered through the search parameter in endpoints su...

CVE-2019-25699

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

PT-2026-32164

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

EUVD-2019-20062

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...

PT-2026-30472

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...

1millionbot Millie chatbot 安全漏洞

1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot, which stems from the possibility for users to use...

EUVD-2026-14434

A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...

EUVD-2026-16349

XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion...

GHSA-65XW-VW82-R86X XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion

Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion

Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...