Lucene search
+L

16 matches found

osv
osv
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-528 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.3AI score0.00281EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.15 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS6.4AI score0.00301EPSS
Exploits0References1
nvd
nvd
added 2026/05/06 6:16 p.m.11 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS0.00301EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/06 5:21 p.m.59 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS0.00301EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/06 5:21 p.m.11 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS6.4AI score0.00301EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/05/06 4:44 p.m.11 views

CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API

A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...

9.4CVSS6AI score0.00281EPSS
Exploits0References1
osv
osv
added 2026/05/06 4:44 p.m.6 views

GHSA-6J7P-QJHG-9947 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS6.7AI score0.00301EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.15 views

PT-2026-38087

Name of the Vulnerable Software and Affected Versions Rucio versions 1.30.0 through 35.8.4 Rucio versions 38.x through 38.5.4 Rucio versions 39.x through 39.4.1 Rucio versions 40.x through 40.1.0 Description An issue exists in the FilterEngine.create postgres query function where authenticated...

9.9CVSS6.6AI score0.00301EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/01/09 8:41 a.m.10 views

CVE-2022-31020

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...

8.8CVSS7.5AI score0.01738EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0124

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01738EPSS
Exploits0References5
nvd
nvd
added 2022/09/06 5:15 p.m.24 views

CVE-2022-31020

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...

8.8CVSS0.01738EPSS
Exploits0References3
seebug
seebug
added 2014/07/01 12:0 a.m.36 views

ASTPP VoIP Billing (4cf207a) Multiple Vulnerabilities

No description provided by source. Title: ====== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=687 VL-ID: ===== 687 Common Vulnerability Scoring System: ==================================...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2012/09/14 12:0 a.m.44 views

ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities

Title: ====== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=687 VL-ID: ===== 687 Common Vulnerability Scoring System: ==================================== 4 Introduction: =============...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2012/09/13 12:0 a.m.29 views

ASTPP VoIP Billing (4cf207a) Cross Site Scripting

Title: ====== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=687 VL-ID: ===== 687 Common Vulnerability Scoring System: ==================================== 4 Introduction: =============...

0.1AI score
Exploits0
vulnerlab
vulnerlab
added 2012/08/16 12:0 a.m.68 views

ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities

Document Title: =============== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=687 Release Date: ============= 2012-08-16 Vulnerability Laboratory ID VL-ID: ==================================== 6...

7.1AI score
Exploits0
vulnerlab
vulnerlab
added 2012/08/16 12:0 a.m.16 views

ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities

Document Title: =============== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=687 Release Date: ============= 2012-08-16 Vulnerability Laboratory ID VL-ID: ==================================== 6...

0.2AI score
Exploits0
Rows per page
Query Builder