Lucene search
K

7 matches found

EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-44603

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

6.1AI score
Exploits0References4
CVE
CVE
added 5 hours ago10 views

CVE-2026-56287

CVE-2026-56287 describes a boolean-based SQL Injection in Apache Fineract’s Client Search API (GET /api/v1/clients) affecting versions up to 1.14.0. The vulnerability arises from the orderBy and sortOrder parameters being concatenated into a SQL query without sufficient validation, enabling an au...

6.1AI score
Exploits0References3
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2026-56287 Apache Fineract: Boolean SQL Injection in Client Search API (orderBy parameter) leading to Local File Disclosure

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/20 12:0 a.m.10 views

CVE-2024-51209

Cross-Site Scripting XSS vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page...

5.9AI score0.0026EPSS
Exploits1References2
CVE
CVE
added 2024/11/20 12:0 a.m.55 views

CVE-2024-51209

The CVE describes Cross-Site Scripting (XSS) in Anuj Kumar’s Client Management System Version 1.2. The vulnerability affects the search input fields on the admin search invoices page and the client search invoices page, allowing an attacker to inject arbitrary web script or HTML. Technical contex...

5.4CVSS5.9AI score0.0026EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/04/11 8:15 p.m.4 views

CVE-2024-22719

SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...

8.1CVSS6AI score0.00541EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2023/08/31 1:0 p.m.20 views

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...

7.1AI score
Exploits0
Rows per page
Query Builder