Lucene search
+L

197 matches found

NVD
NVD
added 2026/07/03 6:16 a.m.9 views

CVE-2026-9626

The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...

6.4CVSS0.00228EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 4:30 a.m.22 views

CVE-2026-9626

The CVE-2026-9626 entry concerns the WordPress JSON API User plugin (

6.4CVSS5.9AI score0.00228EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.11 views

CVE-2026-9626

The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...

6.4CVSS5.9AI score0.00228EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 8:17 p.m.6 views

CVE-2026-49858

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:24 p.m.39 views

CVE-2026-49858 API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:24 p.m.37 views

CVE-2026-49858

API Platform Core contains a cross-user attribute leak in JSON:API and HAL item normalizers due to a missing isCacheKeySafe gate. Affected versions: 2.6.0 up to 4.1.28, 4.2.25, and 4.3.11 (i.e., before 4.1.29, 4.2.26, 4.3.12). Root cause: componentsCache arrays are keyed on $context['cache_key'] ...

5.9CVSS5.7AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 5:21 p.m.38 views

CVE-2026-57954 Elide 7.1.17 - Permission Bypass in Sort Expression Validation

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

5.3CVSS0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53672

Name of the Vulnerable Software and Affected Versions Elide versions prior to 7.1.18 Description Insufficient enforcement of @ReadPermission within the getValidSortingRules function of SortingImpl allows attackers to use forbidden fields in client-supplied sort expressions. By analyzing the...

5.3CVSS5.9AI score0.00168EPSS
Exploits0References6
OSV
OSV
added 2026/06/17 6:56 p.m.7 views

DRUPAL-CORE-2026-005

SA-CORE-2019-003 added protection for fields that store serialized data to disallow direct writes via web services. The above fix did not cover all potential attack vectors for JSON:API. An attacker with appropriate JSON:API write permission could potentially inject a malicious payload in certain...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 6:38 p.m.7 views

DRUPAL-CONTRIB-2026-048

The Formatter Field module provides a mechanism for specifying a formatter and formatter settings to be used for displaying a field, on a per-entity basis. formatterfield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can...

9.8CVSS5.5AI score0.00386EPSS
Exploits0References1
Drupal
Drupal
added 2026/06/17 12:0 a.m.11 views

Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048

The Formatter Field module provides a mechanism for specifying a formatter and formatter settings to be used for displaying a field, on a per-entity basis. formatterfield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can...

9.8CVSS5.9AI score0.00386EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.28 views

PT-2026-50606

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...

6AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50612

Name of the Vulnerable Software and Affected Versions Drupal Plotly.js Graphing versions 0.0.0 through 3.0.2 Description Improperly controlled modification of dynamically-determined object attributes allows object injection. The module stores certain data as PHP-serialized strings, and if malicio...

6.1AI score0.00248EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50582

Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...

6.1AI score0.00386EPSS
Exploits0References3
Drupal
Drupal
added 2026/06/17 12:0 a.m.22 views

Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009

The JSON:API and REST modules allow you to upload image files to image fields. The validation rules check the file extension of the uploaded file but not the file MIME type. This may allow a malicious user to upload a file that is not an image. Certain web-server configurations may serve the...

5.4CVSS4.8AI score0.00161EPSS
Exploits0References7
Drupal
Drupal
added 2026/06/17 12:0 a.m.11 views

Flag attendance field - Critical - PHP object injection - SA-CONTRIB-2026-049

The Flag attendance field module gives you the ability to add attendance by depending on Flag module. flagattendancefield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection vulnerability when th...

8.1CVSS5.4AI score0.00307EPSS
Exploits0References3
Drupal
Drupal
added 2026/06/17 12:0 a.m.10 views

Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050

The Plotly.js Graphing module provides a fully customizable implementation of the open source Plotly.js graphing library. The module stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References2
Drupal
Drupal
added 2026/06/17 12:0 a.m.23 views

Drupal core - Critical - PHP object injection - SA-CORE-2026-005

SA-CORE-2019-003 added protection for fields that store serialized data to disallow direct writes via web services. The above fix did not cover all potential attack vectors for JSON:API. An attacker with appropriate JSON:API write permission could potentially inject a malicious payload in certain...

5.9CVSS5.4AI score0.00215EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50611

Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...

6.1AI score0.00307EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.58 views

📄 Drupal core 10.5.5 JSON:API PostgreSQL Error-Based SQL Injection

This code demonstrates a research-oriented implementation targeting a reported SQL injection condition in Drupal JSON:API endpoints backed by PostgreSQL. ================================================================================================================================== | Title :...

9.8CVSS6.1AI score0.84631EPSS
Exploits14
Rows per page
Query Builder