36 matches found

RedhatCVE
added yesterday | 5 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6 CVSS | 5.8 AI score | 0.00783 EPSS
Exploits: 2 | References: 1

Exploit DB
added 2026/05/29 12:0 a.m. | 29 views

MikroORM 7.0.13 - SQL Injection

Exploit Title: MikroORM 7.0.13 - SQL Injection Google Dork: N/A Date: 2026-05-27 Exploit Author: cardosource Vendor Homepage: https://mikro-orm.io/ Software Link: https://github.com/mikro-orm/mikro-orm Version: @mikro-orm/knex = 6.6.13 / @mikro-orm/sql = 7.0.13 Tested on: Docker / Debian Bookworm...

7.6 CVSS | 5.8 AI score | 0.00783 EPSS
Exploits: 2

Packet Storm
added 2026/05/29 12:0 a.m. | 26 views

📄 MikroORM 7.0.13 SQL Injection

MikroORM version 7.0.13 suffers from a remote SQL injection vulnerability. Exploit Title: MikroORM 7.0.13 - SQL Injection Google Dork: N/A Date: 2026-05-27 Exploit Author: cardosource Vendor Homepage: https://mikro-orm.io/ Software Link: https://github.com/mikro-orm/mikro-orm Version:...

7.6 CVSS | 5.9 AI score | 0.00783 EPSS
Exploits: 2

NVD
added 2026/05/26 5:16 p.m. | 9 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6 CVSS | 0.00783 EPSS
Exploits: 2 | References: 5

Vulnrichment
added 2026/05/26 4:49 p.m. | 6 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6 CVSS | 6 AI score | 0.00783 EPSS
Exploits: 2 | References: 5

CVE
added 2026/05/26 4:49 p.m. | 9 views

CVE-2026-44680

MikroORM is vulnerable to SQL injection via runtime-controlled identifiers and JSON-path keys. The root cause is improper escaping in the identifier-quoting helper (Platform.quoteIdentifier and PostgreSQL/MSSQL overrides) and in JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey)...

7.6 CVSS | 6 AI score | 0.00783 EPSS
Exploits: 2 | References: 5

EUVD
added 2026/05/26 4:49 p.m. | 6 views

EUVD-2026-31893

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6 CVSS | 6 AI score | 0.00783 EPSS
Exploits: 2 | References: 5

Cvelist
added 2026/05/26 4:49 p.m. | 31 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6 CVSS | 0.00783 EPSS
Exploits: 2 | References: 5

CNNVD
added 2026/05/26 12:0 a.m. | 5 views

MikroORM SQL Injection Vulnerability

MikroORM is an open-source framework from MikroORM that supports type-safe object-relational mapping for multiple databases. MikroORM has a SQL injection vulnerability; this vulnerability arises from improper escaping of identifiers and JSON path injections, which may lead to SQL injections...

7.6 CVSS | 5.8 AI score | 0.00783 EPSS
Exploits: 2 | References: 6

vulnersOsv
added 2026/05/08 7:17 p.m. | 2 views

@mikro-orm/entity-generator (>=7.0.0 <=7.0.14-dev.14), @mikro-orm/libsql (>=7.0.0 <=7.0.14-dev.14) +9 more potentially affected by CVE-2026-44680 via @mikro-orm/sql (>=7.0.0-dev.100 <=7.0.14-dev.9)

@mikro-orm/sql NPM version =7.0.0-dev.100, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.14-dev.14 - @reldens/cms =0.61.0 - @reldens/storage =0.93.0 Source cves: CVE-2026-44680 Source advisory: SNYK:JS-MIKROORMSQL-16624726...

5.8 AI score | 0.00783 EPSS
Exploits: 2

GitHub Security Blog
added 2026/05/08 7:17 p.m. | 6 views

MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

7.6 CVSS | 6.1 AI score | 0.00783 EPSS
Exploits: 2 | References: 4 | Affected Software: 2

OSV
added 2026/05/08 7:17 p.m. | 2 views

GHSA-CFW5-68C4-FFQP MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

7.6 CVSS | 6.1 AI score | 0.00783 EPSS
Exploits: 2 | References: 4

Packet Storm
added 2026/05/06 12:0 a.m. | 48 views

📄 MikroORM 7.0.5 SQL Injection

MikroORM versions 7.0.5 and below suffer from a remote SQL injection vulnerability. CVE-2026-43220 MikroORM SQL Injection ★ CVE-2026-43220 MikroORM SQL Injection PoC ★ https://github.com/user-attachments/assets/33724cfc-6151-47ff-9415-2f50c5124cd1 Overview CVE-2026-43220 is a SQL Injection...

5.5 CVSS | 5.9 AI score | 0.00023 EPSS
Exploits: 1

RedhatCVE
added 2026/04/01 5:3 p.m. | 1 view

CVE-2026-34220

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6....

9.8 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/01 5:3 p.m. | 3 views

CVE-2026-34221

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...

9.1 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits: 0 | References: 1

NVD
added 2026/03/31 4:16 p.m. | 0 views

CVE-2026-34221

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...

9.1 CVSS | 0.00046 EPSS
Exploits: 0 | References: 1

NVD
added 2026/03/31 4:16 p.m. | 1 view

CVE-2026-34220

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6....

9.8 CVSS | 0.00015 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/31 3:19 p.m. | 5 views

CVE-2026-34220

CVE-2026-34220 affects mikro-orm (TypeScript ORM for Node.js). A SQL injection vulnerability exists in versions prior to 6.6.10 and 7.0.6, triggered when specially crafted objects are interpreted as raw SQL query fragments during ORM write APIs (e.g., wrap(entity).assign(userInput) followed by em...

9.8 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/31 3:19 p.m. | 1 view

CVE-2026-34220

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6....

9.3 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/31 3:19 p.m. | 21 views

CVE-2026-34220 MikroORM is vulnerable to SQL Injection via specially crafted object

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6....

9.3 CVSS | 0.00015 EPSS
Exploits: 0 | References: 1