Lucene search
K

46107 matches found

Nuclei
Nuclei
added 11 hours ago87 views

Anchor CMS 0.12.3 - Error Log Exposure

Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred. id: CVE-2018-7251 info: name: Anchor CMS 0.12.3 ...

9.8CVSS7AI score0.72272EPSS
Exploits4References5
Nuclei
Nuclei
added 11 hours ago104 views

phpMyAdmin <4.8.5 - Local File Inclusion

phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfi...

5.9CVSS6.6AI score0.15407EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-47199 Frappe: check_safe_sql_query Permits SELECT INTO OUTFILE

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS0.00401EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-55170

A flaw was found in OpenFGA, an authorization/permission engine. When using MySQL as the datastore, and authorization decisions depend on case-sensitive user strings, the system may incorrectly treat case-distinct values e.g., 'user:Alice' and 'user:alice' as equivalent. This can lead to improper...

5.4CVSS6AI score0.00341EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 4 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2026-55170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely ...

5.4CVSS6.1AI score0.00341EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-55170

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

5.4CVSS0.00341EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-55170

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

2.1CVSS5.9AI score0.00341EPSS
Exploits0References6Affected Software1
CVE
CVE
added 5 days ago20 views

CVE-2026-55170

OpenFGA Open Source CVE-2026-55170 affects the MySQL datastore when decisions rely on case-sensitive user strings. The tuple, changelog, and authorization_model identifier columns can treat case-distinct values (e.g., user:Alice vs user:alice) as equivalent, potentially causing two distinct check...

5.4CVSS5.9AI score0.00341EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55170 OpenFGA MySQL backend: case-insensitive collation on identifier columns causes incorrect authorization decisions

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

2.1CVSS0.00341EPSS
Exploits0References5
NVD
NVD
added 6 days ago8 views

CVE-2026-59257

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

8.8CVSS0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59257 n8n - SQL Injection in MySQL v1 executeQuery Operation via Expression Interpolation

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

5.3CVSS0.00314EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42269

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-59257

This CVE affects n8n before 1.123.61 and 2.x before 2.27.4, specifically the legacy MySQL v1 node’s executeQuery operation. The root cause is that evaluated {{ ... }} expression values are substituted directly into the raw SQL string without parameterization, enabling SQL injection when a workflo...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56448

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.61 n8n versions prior to 2.27.4 n8n versions 2.28.0 through 2.28.0 Description A SQL injection issue exists in the legacy MySQL v1 node during the executeQuery operation. The system substitutes evaluated...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1151 Apache Airflow MySQL Provider is Vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dumpsql or loadsql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not...

6.3CVSS6AI score0.00797EPSS
Exploits0References8
Fedora
Fedora
added 2026/07/05 1:10 a.m.11 views

[SECURITY] Fedora 44 Update: mariadb10.11-10.11.18-2.fc44

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

10CVSS6AI score0.00998EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/04 8:45 a.m.41 views

CVE-2026-14622 jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS0.00517EPSS
Exploits0References6
CVE
CVE
added 2026/07/04 8:45 a.m.21 views

CVE-2026-14622

CVE-2026-14622 affects the restaurant-website-php-mysql project (up to commit 521428b5b612449df0cf4a5d15ee40cba67f3d35). The vulnerability is in the /admin/ajax_files component of the AJAX Endpoint, whereby input manipulation leads to missing authentication. It is exploitable remotely, with a pub...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/03 1:9 a.m.8 views

[SECURITY] Fedora 43 Update: mysql8.4-8.4.10-1.fc43

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

7.5CVSS5.8AI score0.00471EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/30 7:8 a.m.4 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References6
Rows per page
Query Builder