Lucene search
K

1301 matches found

EUVD
EUVD
added 2026/05/26 7:27 p.m.17 views

EUVD-2026-31960

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 7:27 p.m.22 views

CVE-2026-44831

CVE-2026-44831 affects Snipe-IT, an IT asset/license management system. Prior to v8.4.1, users with component view access could trigger stored XSS via an unescaped notes field in the component checkout process. The issue is fixed in v8.4.1 or later. If you are using versions before 8.4.1, upgrade...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 9:25 p.m.17 views

Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)

Description The column filter passes its input straight to PHP's native arraycolumn. When the array elements are objects, arraycolumn reads $obj-$name and $obj-$index directly, including invoking get/isset. Because this property read happens entirely in PHP native code and never reaches...

5.9AI score0.00047EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/21 9:25 p.m.7 views

GHSA-VCC8-PHRV-43WJ Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)

Description The column filter passes its input straight to PHP's native arraycolumn. When the array elements are objects, arraycolumn reads $obj-$name and $obj-$index directly, including invoking get/isset. Because this property read happens entirely in PHP native code and never reaches...

2.1CVSS5.9AI score0.00047EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in tables.php—tablename, indexname, and sortby—which were...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/20 9:41 a.m.7 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the column filter’s use of PHP arraycolumn. An attacker can bypass Twig sandbox property restrictions because arraycolumn accesses object...

6.4CVSS5.9AI score0.00047EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in SQLite3

SQLite 3.30.1 improperly handles pExpr-y.pTab, as demonstrated in the TKCOLUMN case within sqlite3ExprCodeTarget in expr.c...

5.9CVSS6.8AI score0.02538EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.13 views

PT-2026-42175

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The column filter passes input directly to the native PHP array column function. When array elements are objects, array column reads properties directly, which bypasses the...

2.1CVSS5.8AI score0.00047EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.41 views

CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

8.8CVSS0.00267EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 7:16 p.m.12 views

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS0.01178EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

Strapi SQL注入漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 4.26.1 and 5.33.2 contained a SQL injection vulnerability. This vulnerability stemmed from the Content-Type Builder API’s database query injection mechanism. This allowe...

9.3CVSS6.6AI score0.01178EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 8:2 p.m.12 views

GHSA-3XCQ-8MJW-H6MX Strapi Vulnerable to SQL Injection in Content Type Builder

Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N 9.3 — Critical - Affected Versions: @strapi/content-type-builder =5.33.2 v5 or =4.26.1 v4 Description of CVE-2026-22599 A database-query...

9.3CVSS6.6AI score0.01178EPSS
Exploits0References5
Nextcloud
Nextcloud
added 2026/05/13 6:39 a.m.11 views

SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

None...

8.2CVSS5.8AI score0.00318EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.18 views

PT-2026-40834

Name of the Vulnerable Software and Affected Versions Strapi versions 4.0.0 through 4.26.0 Strapi versions 5.0.0 through 5.33.1 Description A database-query injection exists in the Content-Type Builder write API. An authenticated administrator can inject arbitrary database statements through the...

9.3CVSS6.6AI score0.01178EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/05/11 7:35 p.m.12 views

MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column

Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Impact Cross-site scripting XSS. Note that By default, only users with Manager access level or above can save their filters publicly Patches -...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016806)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016806 advisory. An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.ext...

9.8CVSS5.8AI score0.00583EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.8 views

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39299

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.4.1 Description Users with component view access can be affected by cross-site scripting XSS, a flaw where malicious scripts are injected into trusted websites, due to an unescaped notes column. Recommendations...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/07 5:9 p.m.10 views

Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()

A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the .QuerySet.orderby method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...

8.5CVSS7.8AI score0.00802EPSS
Exploits1References7
Rows per page
Query Builder