Lucene search
K

233 matches found

Nuclei
Nuclei
added yesterday13 views

IBM BigFix Platform - Information Disclosure

IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...

5.3CVSS6.2AI score0.22547EPSS
Exploits2References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42838

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS6.1AI score0.00256EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

Progress MOVEit Transfer < 2025.0.8 / 2025.1.0 < 2025.1.4 / 2026.0.0 < 2026.0.1 Multiple Vulnerabilities

The version of Progress MOVEit Transfer installed on the remote host is prior to 2025.0.8, 2025.1.x prior to 2025.1.4, or 2026.0.x prior to 2026.0.1. It is, therefore, affected by multiple vulnerabilities: - Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress...

8CVSS6.1AI score0.00442EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-8649

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

9.8CVSS0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-8649 Institution scope bypass vulnerability in custom reports

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

6.4CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-8649

Summary of CVE-2026-8649 : An instance of Improper Neutralization of Special Elements in Data Query Logic affects MOVEit Transfer (Custom Reports modules). The issue impacts MOVEit Transfer versions prior to 2025.0.7 and from 2025.1.0 up to before 2025.1.3. The CVSS vectors indicate a high-severi...

9.8CVSS5.9AI score0.00234EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago11 views

CVE-2026-10698

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS0.00442EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42278

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-10698 Table scope bypass vulnerability in custom reports

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS0.00442EPSS
Exploits0References1
OSV
OSV
added last week8 views

GO-2026-5837 Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query in github.com/dgraph-io/dgraph

Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query in github.com/dgraph-io/dgraph...

7.5CVSS5.9AI score0.00484EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 10:53 p.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...

8.7CVSS6.2AI score0.00484EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:43 p.m.7 views

Improper Neutralization of Special Elements in Data Query Logic

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the enrichContext process. An attacker can access and modify all documents in connected NoSQL databases by injecting crafted...

10CVSS5.8AI score0.00538EPSS
Exploits2References3
Snyk
Snyk
added 2026/06/12 12:0 a.m.11 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...

8.8CVSS5.7AI score0.00254EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 12:0 a.m.12 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00262EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6626

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS6.1AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-1352

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

6.5CVSS5.4AI score0.00328EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 10:41 a.m.8 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...

8.7CVSS5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.12 views

CVE-2025-14688

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.13 views

EUVD-2026-32280

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:16 p.m.11 views

CVE-2026-3676

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...

6.5CVSS0.00402EPSS
Exploits0References1
Rows per page
Query Builder