Lucene search
K

43 matches found

CERT
CERT
added 6 days ago5 views

Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls

Overview Adalo’s no‑code application platform exposes complete user records through its database API for all applications built on both V1 and V2. Due to a platform-level flaw, authenticated users can retrieve full user data belonging to any Adalo application, regardless of configuration. This...

7.5CVSS5.9AI score0.00303EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/21 2:0 a.m.7 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/06/21 2:0 a.m.44 views

CVE-2026-12772 BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS0.00262EPSS
Exploits1References5
NCSC
NCSC
added 2026/05/21 7:55 a.m.15 views

Flattening of vulnerability issues within the Drupal core

Drupal has identified a vulnerability in the Drupal core versions starting from 8.9.0, specifically versions 10.x and 11.x. The vulnerability involves SQL injection in the Drupal’s database abstraction API. As a result, unauthorized malicious actors can execute arbitrary SQL injections on sites...

9.8CVSS6.2AI score0.84631EPSS
Exploits14References1
OSV
OSV
added 2026/05/17 2:51 p.m.9 views

MAL-2026-3810 Malicious code in @pluxee-connect/account-db-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49a36af66b1c55fbf7a78529c1fe2d15b819cef018300a03cdc8e0a1b59f36c9 Version 99.0.0 of this package targets an internal-looking npm scope and ships a postinstall.js that, on every npm install, reads os.hostname,...

5.8AI score
Exploits0References2
CVE
CVE
added 2026/04/23 3:44 a.m.24 views

CVE-2026-41229

Summary (CVE-2026-41229) Froxlor prior to v2.3.6 contains a PHP code injection flaw in the generation of userdata.inc.php. PhpHelper::parseArrayToString() writes string values into single-quoted PHP literals without escaping single quotes. When an admin with change_serversettings updates a MySQL ...

9.1CVSS5.9AI score0.0048EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : mysql:8.0 (AXSA:2020-844:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-844:01 advisory. mysql: Server: Security: Privileges multiple unspecified vulnerabilities CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774...

7.2CVSS7.7AI score0.03726EPSS
Exploits1References16
GithubExploit
GithubExploit
added 2025/10/30 8:7 a.m.132 views

cafeorder_vuln_SQL

cafeordervulnSQL Proof-of-Concept and Advisory for Simple Ca...

8.2AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-6101

Malware in sbrugna...

8.8CVSS9.1AI score0.01269EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-2799

Malware in sbrugna...

7.5CVSS6AI score0.01095EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2015-6597

Malicious code in bioql PyPI...

7.5CVSS6.2AI score0.0506EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2022/01/12 3:15 p.m.4 views

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

7.8CVSS7.7AI score0.02565EPSS
Exploits0References2
OSV
OSV
added 2022/01/12 3:15 p.m.8 views

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

7.8CVSS7.7AI score0.02565EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/09/16 7:27 a.m.7 views

chromium-browser: use after free in blink

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified oth...

8.8CVSS7.5AI score0.01118EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2016/09/14 7:18 a.m.32 views

CVE-2016-5170

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified oth...

8.8CVSS6.8AI score0.01118EPSS
Exploits0References2
NVD
NVD
added 2016/09/11 10:59 a.m.19 views

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database aka IndexedDB API implementation that does not properly restrict key-path evaluation, which allows remote...

8.8CVSS9.1AI score0.01269EPSS
Exploits0References12
Mageia
Mageia
added 2015/08/27 8:49 p.m.36 views

Updated drupal packages fix security vulnerabilities

Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files CVE-2015-6658. SQL injection vulnerability in the SQL comment filtering system in the Database API i...

7.5CVSS7.2AI score0.0506EPSS
Exploits0References4
Prion
Prion
added 2015/08/24 2:59 p.m.19 views

Sql injection

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment...

7.5CVSS8.8AI score0.0506EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2015/08/24 2:59 p.m.38 views

CVE-2015-6659

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment...

7.5CVSS6AI score0.0506EPSS
Exploits0References2
OSV
OSV
added 2015/08/24 2:59 p.m.6 views

UBUNTU-CVE-2015-6659

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment...

7.5CVSS6.2AI score0.0506EPSS
Exploits0References3
Rows per page
Query Builder