2901 matches found
EUVD-2024-55647
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
CVE-2024-58352
Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...
CVE-2024-58352 Landray OA Unauthenticated HQL Injection via wechatLoginHelper.do
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
GHSA-G5VH-55HW-RXM8 GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer
Summary The default Authorizer function in GoFiber's BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords the primary use case, the timing difference between a valid and invalid username is approximately...
CVE-2026-10540
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...
EUVD-2026-40933
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...
CVE-2026-10540
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...
CVE-2026-10540 Weak password hash protection in Control-M/Entreprise Manager
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
EUVD-2026-40459
Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...
BIT-GHOST-2026-53949 Ghost Content API filter bypass reveals private fields
Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private fields via a brute force attack. If SQLite was used as the database password hashes were fully...
CVE-2026-55721 SQL Injection in StoneFly Storage Concentrator
Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...
CVE-2026-55721
The CVE-2026-55721 entry describes a SQL injection vulnerability in StoneFly Storage Concentrator (SC & SCVM). The issue arises when cookie values are processed by login.pl and debug.pl, with the cookie data directly embedded into database queries without proper sanitization. This allows an unaut...
CVE-2026-55721
Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...
CVE-2026-58376
Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injection vulnerability that allows authenticated API users to exfiltrate arbitrary database contents by supplying malicious values to the sqlfilters query parameter in the setup dictionary and multicurrencies REST API endpoints. Th...
CVE-2026-58376 Dolibarr - SQL Injection via sqlfilters Parameter in Multiple REST API List Endpoints
Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injection vulnerability that allows authenticated API users to exfiltrate arbitrary database contents by supplying malicious values to the sqlfilters query parameter in the setup dictionary and multicurrencies REST API endpoints. Th...
CVE-2026-58376
Dolibarr
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
PT-2026-54436
Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description An issue exists where cookie values processed by the login.pl and debug.pl scripts are incorporated directly into database queries without adequate sanitization. This...
PT-2026-53933
Name of the Vulnerable Software and Affected Versions Dolibarr versions prior to 23.0.3 Description Authenticated API users can exfiltrate arbitrary database contents, including password hashes and API keys, via a SQL injection. The issue occurs when malicious values are supplied to the sqlfilter...