34 matches found
CVE-2026-41478
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
CVE-2026-41478
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
CVE-2026-34402
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to...
SQL Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the onpublish function. An attacker can extract sensitive database contents, including user password hashes, email addresses, API keys, and...
CVE-2026-32610
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...
Insufficiently Protected Credentials
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the skills.status function. An attacker can access sensitive configuration secrets by invoking this function with read-level privileges, which...
EUVD-2026-6096
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
EUVD-2021-26384
Malware in sbrugna...
EUVD-2022-46903
Malicious code in bioql PyPI...
EUVD-2022-41797
Malicious code in bioql PyPI...
EUVD-2022-5136
Malicious code in bioql PyPI...
CVE-2022-43933
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords...
Insertion Of Sensitive Information Into Log Files
org.apache.activemq:artemis-project is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of sensitive data in debug logging and the ConfigurationImpl logger exposing all broker property values, including credentials or tokens. It allows ...
CVE-2022-43933
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords...
CVE-2022-43933
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords...
CVE-2022-43933 configuration secrets are logged in support-save
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords...
CVE-2022-43933 configuration secrets are logged in support-save
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords...
Broadcom SANnav 安全漏洞
Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Broadcom SANnav versions prior to 2.2.2, which stems from the presence of information disclosure through a log file vulnerability, where configuration secrets are recorded in...