Lucene search
K

35 matches found

Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via improper handling of user-supplied input in the Special:Drilldown process. An attacker can execute arbitrary SQL commands by injecting crafted input. Remediation Upgrade mediawiki/cargo to version 3.9.1 or higher...

9.8CVSS6.2AI score0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 7:22 p.m.36 views

CVE-2026-14363 Cargo Extension: SQLi in Special:Drilldown

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 7:22 p.m.14 views

CVE-2026-14363

The CVE-2026-14363 issue affects the MediaWiki Cargo Extension for MediaWiki, where improper neutralization of special elements in SQL queries (notably in Special:Drilldown) enables SQL injection. Reported impacts include unauthorized access, modification, or deletion of data in the database. Aff...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3041

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.51915EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-20692

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00424EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.9 views

CVE-2019-13068

public/app/features/panel/panelctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...

5.4CVSS7AI score0.51915EPSS
Exploits2References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/03 9:10 a.m.2 views

Malicious code in grafana-metricsdrilldown-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76f0bf52430819b26f7b4042daedcdd27b0b6dcc7278385dac6989be16b987de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/02/02 1:15 p.m.8 views

CVE-2024-0269

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...

8.8CVSS7.2AI score0.05366EPSS
Exploits0References1
Prion
Prion
added 2024/02/02 1:15 p.m.26 views

Sql injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...

6.5CVSS8.2AI score0.05366EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/02 1:5 p.m.32 views

CVE-2024-0269 SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...

8.3CVSS9.7AI score0.05366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/02 1:5 p.m.18 views

CVE-2024-0269 SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...

8.3CVSS7.8AI score0.05366EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/02 12:0 a.m.9 views

PT-2024-15429 · Zoho · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 7270 and below Description: The issue is related to an Authenticated SQL injection in the File-Summary DrillDown feature. This has been fixed and released in version 7271. Recommendations: For versions 7270...

8.8CVSS8.2AI score0.05366EPSS
Exploits0References5
Snyk
Snyk
added 2024/01/12 6:30 a.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via drilldown/CargoAppliedFilter.php. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input into the artist, album, or position parameters on the...

6.1CVSS5.5AI score0.00424EPSS
Exploits1References2
OSV
OSV
added 2024/01/12 6:30 a.m.4 views

GHSA-RHPM-63W5-79RG MediaWiki Cargo Extension Cross-site Scripting vulnerability

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...

6.1CVSS6.3AI score0.00424EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/01/12 6:30 a.m.6 views

MediaWiki Cargo Extension Cross-site Scripting vulnerability

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...

6.1CVSS6.3AI score0.00424EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.5 views

PT-2024-2677 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: An issue in the Cargo extension of MediaWiki allows for XSS attacks via the artist, album, and...

6.4CVSS6.1AI score0.00424EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.5 views

SUSE CVE-2019-13068

public/app/features/panel/panelctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...

6.3CVSS7.1AI score0.51915EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/12/16 12:0 a.m.5 views

Semantic Drilldown 安全漏洞

Semantic Drilldown is a MediaWiki extension to Wikimedia open source. A security vulnerability exists in Semantic Drilldown. Attackers use this vulnerability to execute cross-site scripting attacks...

6.1CVSS6AI score0.00365EPSS
Exploits0References3
OSV
OSV
added 2022/08/16 9:15 p.m.5 views

CVE-2022-37438

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information for example, username, email, and real name about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user...

3.5CVSS5.8AI score0.00443EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/16 7:49 p.m.25 views

CVE-2022-37438 Information disclosure via the dashboard drilldown in Splunk Enterprise

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information for example, username, email, and real name about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user...

2.6CVSS4AI score0.00443EPSS
Exploits0References2
Rows per page
Query Builder