
43 matches found

NVD
added 2026/06/20 1:16 a.m. | 11 views

CVE-2026-56213

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

CVSS 6.9 | EPSS 0.00235
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/20 12:14 a.m. | 5 views

CVE-2026-56213

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

CVSS 6.9 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 3

EUVD
added 2026/06/20 12:14 a.m. | 8 views

EUVD-2026-38099

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

CVSS 6.9 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/20 12:0 a.m. | 15 views

PT-2026-51043

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.upsert version meta SECURITY DEFINER function exposed via PostgREST RPC. This allows unauthenticated attackers to insert arbitrary rows into version meta...

CVSS 6.9 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 9

RedhatCVE
added 2026/06/05 7:24 p.m. | 12 views

CVE-2026-8200

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

CVSS 5.3 | AI score 5.5 | EPSS 0.00204
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/27 7:55 a.m. | 9 views

CVE-2026-40834 Authenticated SQLi in saveDashboardLayout function

A low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php file's saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

CVSS 7.1 | AI score 6 | EPSS 0.00223
Exploits: 0 | References: 1

EUVD
added 2026/05/27 7:55 a.m. | 12 views

EUVD-2026-32133

A low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php file's saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

CVSS 7.1 | AI score 6 | EPSS 0.00223
Exploits: 0 | References: 1

EUVD
added 2026/05/21 5:10 p.m. | 10 views

EUVD-2026-31315

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

CVSS 8.8 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 3

UbuntuCve
added 2026/05/18 5:16 p.m. | 8 views

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

CVSS 7.1 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 2

EUVD
added 2026/05/13 6:30 p.m. | 13 views

EUVD-2026-29891

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

CVSS 4.8 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 2

OSV
added 2026/05/13 4:17 a.m. | 4 views

UBUNTU-CVE-2026-8200

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 2

OSV
added 2026/05/06 10:40 p.m. | 9 views

CLSA-2026-1778107205 Fix CVE(s): CVE-2026-23918

SECURITY UPDATE: double free / possible RCE in modhttp2 stream purge - debian/patches/CVE-2026-23918.patch: deduplicate inserts into the spurge array in modules/http2/h2mplx.c via a new addforpurge helper to prevent the same h2stream from being freed twice. - CVE-2026-23918...

CVSS 8.8 | AI score 5.8 | EPSS 0.4581
Exploits: 16 | References: 1

CNNVD
added 2026/04/21 12:0 a.m. | 11 views

Oracle PeopleSoft Enterprise HCM Shared Components security vulnerability

Oracle PeopleSoft Enterprise HCM Shared Components is a set of common component modules for human resources systems developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise HCM Shared Components contains a security vulnerability. This vulnerability stems from issues with the...

CVSS 5.4 | AI score 7.2 | EPSS 0.00152
Exploits: 0 | References: 2

CNNVD
added 2026/01/20 12:0 a.m. | 3 views

Oracle Utilities Applications security vulnerabilities

Oracle Utilities Applications is a technology platform for the utilities industry developed by Oracle, a company in the United States. Vulnerabilities exist in versions 4.4.0.3.0.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4, and 25.10 of the Oracle Utilities Application Framework. These...

CVSS 5.4 | AI score 7.1 | EPSS 0.0018
Exploits: 0 | References: 2

NVD
added 2025/12/12 5:15 p.m. | 5 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

CVSS 7.2 | EPSS 0.00771
Exploits: 0 | References: 2

CNNVD
added 2025/10/21 12:0 a.m. | 3 views

Oracle Database Server security vulnerability

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in Unified Audit versions 23.4 through 23.9 of Oracle Database Server...

CVSS 2.7 | AI score 7.1 | EPSS 0.00248
Exploits: 0 | References: 2

Hacker One
added 2025/07/09 1:50 p.m. | 7 views

U.S. Dept Of Defense: Critical PII Data Exposure in ORDER_ERROR_LOG

A critical security vulnerability was identified in the application's error logging system. The ORDER_ERROR_LOG file contained complete database insertion statements that exposed personally identifiable information of customers in plain text format. The error handling mechanism was logging full SQL...

AI score 7.1
Exploits: 0

RedhatCVE
added 2025/05/22 8:37 p.m. | 5 views

CVE-2021-35665

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion component: Repository. The supported version that is affected is 11.2.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting...

CVSS 6.1 | AI score 6.8 | EPSS 0.00815
Exploits: 0 | References: 1

Debian CVE
added 2025/02/05 9:7 a.m. | 8 views

CVE-2023-52925

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044intervaloverlap0 Expected: 0-2 . 0-3, got: W: FAILED ./testcases/sets/0044intervaloverlap0: got 1 Insertion...

CVSS 6.2 | AI score 5.4 | EPSS 0.00195
Exploits: 0

OSV
added 2024/10/15 8:15 p.m. | 6 views

CVE-2024-21261

Vulnerability in Oracle Application Express component: General. Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle...

CVSS 4.9 | AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 1