Lucene search

82391 matches found

RedhatCVE
added 2026/03/10 2:12 a.m. | 4 views

CVE-2026-3771

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to SQL injection. The attack may be performed from remote. The exploit has been disclosed to the...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00295
Exploits: 1 | References: 1

OSV
added 2026/03/10 1:4 a.m. | 6 views

CLEANSTART-2026-GJ95666 Redis is an open source, in-memory database that persists on disk

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.86268
Exploits: 20 | References: 57

OSV
added 2026/03/10 1:2 a.m. | 3 views

CLEANSTART-2026-AF35851 Redis is an open source, in-memory database that persists on disk

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.86268
Exploits: 20 | References: 57

OSV
added 2026/03/10 1:0 a.m. | 3 views

CLEANSTART-2026-QK48981 Redis is an open source, in-memory database that persists on disk

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.86268
Exploits: 20 | References: 57

OSV
added 2026/03/10 12:58 a.m. | 3 views

CLEANSTART-2026-AV02020 Redis is an open source, in-memory database that persists on disk

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.86268
Exploits: 20 | References: 57

OSV
added 2026/03/10 12:56 a.m. | 6 views

CLEANSTART-2026-RA63757 Redis is an open source, in-memory database that persists on disk

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.86268
Exploits: 20 | References: 57

CVE
added 2026/03/10 12:18 a.m. | 8 views

CVE-2026-27688

CVE-2026-27688 affects SAP NetWeaver Application Server for ABAP. A missing authorization check allows an authenticated user with privileges to execute a specific RFC function module to read Database Analyzer Log Files, potentially escalating privileges and exposing confidential data. Impact is l...

CVSS: 5 | AI score: 5.9 | EPSS: 0.0023
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/10 12:18 a.m. | 26 views

CVE-2026-27688 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

CVSS: 5 | EPSS: 0.0023
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/10 12:18 a.m. | 3 views

CVE-2026-27688

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

CVSS: 5 | AI score: 5.9 | EPSS: 0.0023
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/10 12:17 a.m. | 2 views

CVE-2026-24310 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.00193
Exploits: 0 | References: 2

CVE
added 2026/03/10 12:17 a.m. | 10 views

CVE-2026-24309

The CVE covers SAP NetWeaver Application Server for ABAP with a missing authorization check in a function module. An authenticated attacker with network access and low privileges could read, modify, or insert entries in the ABAP system’s database configuration table, potentially causing reduced p...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00205
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/10 12:17 a.m. | 4 views

CVE-2026-24309 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00205
Exploits: 0 | References: 2

Cvelist
added 2026/03/10 12:17 a.m. | 32 views

CVE-2026-24309 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

CVSS: 6.4 | EPSS: 0.00205
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/10 12:17 a.m. | 5 views

CVE-2026-24309

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00205
Exploits: 0 | References: 3

CVE
added 2026/03/10 12:0 a.m. | 8 views

CVE-2025-56421

LimeSurvey is affected by an SQL Injection vulnerability in versions before 6.15.4+250710. The issue allows a remote attacker to obtain sensitive information from the database. The description does not specify exact vulnerable components, the root cause details, or concrete exploitation vectors b...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00468
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/03/10 12:0 a.m. | 4 views

SAP NetWeaver Application Server for ABAP security vulnerability

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may lead to the reading of...

CVSS: 3.5 | AI score: 5.8 | EPSS: 0.00193
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24632

Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId and land directly in the...

CVSS: 9.3 | AI score: 5.9
Exploits: 0 | References: 3

CNNVD
added 2026/03/10 12:0 a.m. | 5 views

Craft Commerce SQL injection vulnerability

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce prior to 5.5.3 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of sort parameters into SQL statements without proper validatio...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00436
Exploits: 1 | References: 3

Positive Technologies
added 2026/03/10 12:0 a.m. | 5 views

PT-2026-24478

Name of the Vulnerable Software and Affected Versions: Sylius versions 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 and above. Description: Sylius, an Open Source eCommerce Framework on Symfony, contains a Time-of-Check To Time-of-Use (TOCTOU) race condition in the...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00179
Exploits: 0 | References: 7

CNNVD
added 2026/03/10 12:0 a.m. | 6 views

Sequelize SQL injection vulnerability

Sequelize is an open-source database ORM (Object-Relational Mapping) tool for Node.js. Versions of Sequelize prior to 6.37.8 had a SQL injection vulnerability. This vulnerability stemmed from type conversion that wasn’t properly escaped during the handling of JSON/JSONB WHERE clauses, which could...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00377
Exploits: 2 | References: 2