Lucene search
K

185 matches found

CNNVD
CNNVD
added 2026/05/05 12:0 a.m.8 views

Masa CMS SQL注入漏洞

Masa CMS is a digital experience platform. Masa CMS has a SQL injection vulnerability, which stems from the unvalidated JSON API accepting the altTable parameter and storing it through the setAltTable method. This may allow unauthorized attackers to read sensitive data through arbitrary subquerie...

9.3CVSS6AI score0.00317EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/02 10:0 a.m.82 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 - cPanel & WHM Authentication Bypass Proof of C...

9.8CVSS5.9AI score0.981EPSS
Exploits64
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.5 views

CVE-2026-33286

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS6.2AI score0.00632EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/24 2:33 a.m.3 views

Improper Control of Dynamically-Managed Code Resources

Overview graphiti is an Easily build jsonapi.org-compatible APIs Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Graphiti::Util::ValidationResponseallvalid? method recursively calls model.sendname. An attacker can execute arbitrar...

9.1CVSS6.2AI score0.00632EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 12:16 a.m.3 views

CVE-2026-33286

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS0.00632EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/23 11:52 p.m.22 views

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS0.00632EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:52 p.m.3 views

CVE-2026-33286

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS6.1AI score0.00632EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/23 11:52 p.m.3 views

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS6.2AI score0.00632EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/16 4:20 p.m.5 views

CVE-2021-47763

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS8AI score0.00307EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/15 6:31 p.m.10 views

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS8AI score0.00307EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/01/15 4:16 p.m.6 views

CVE-2021-47763

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS0.00307EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/15 3:52 p.m.7 views

EUVD-2026-2770

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS7.4AI score0.00307EPSS
Exploits0References4
CVE
CVE
added 2026/01/15 3:52 p.m.21 views

CVE-2021-47763

CVE-2021-47763 affects Aimeos 2021.10 LTS. The vulnerability is a SQL injection in the json API 'sort' parameter, exploitable via crafted GET requests to the /jsonapi/review endpoint, enabling disclosure of table and column names. Multiple connected sources corroborate the issue and reference aff...

8.8CVSS7.5AI score0.00307EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/15 3:52 p.m.3 views

CVE-2021-47763 Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS7.5AI score0.00307EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/15 3:52 p.m.29 views

CVE-2021-47763 Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS0.00307EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/15 12:0 a.m.7 views

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS8AI score0.00307EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

Aimeos SQL injection vulnerability

Aimeos is an open-source e-commerce framework designed for online stores. The Aimeos 2021.10 LTS version has a SQL injection vulnerability. This vulnerability stems from the SQL injection in the json api sort parameter, which could allow attackers to inject malicious database queries...

8.8CVSS5.8AI score0.00307EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:13 a.m.15 views

CVE-2016-10843

cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API SEC-76...

8.1CVSS7.5AI score0.01444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.10 views

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

9.8CVSS7.8AI score0.11072EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/01/01 10:5 a.m.194 views

Exploit for CVE-2025-67158

CVE-2025-67158 — Revotech I6032W-FHW Summary The Revotech...

7.2AI score0.0047EPSS
Exploits2
Rows per page
Query Builder