Lucene search
K

23 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/01 2:8 p.m.7 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 3:50 p.m.39 views

CVE-2026-54297 Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS0.00391EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 3:50 p.m.56 views

CVE-2026-54297

CVE-2026-54297 (Faraday) : Uncontrolled recursion in Faraday::NestedParamsEncoder during decoding of nested query strings can create deeply nested Ruby Hashes, leading to a stack exhaustion DoS. Affected versions are Faraday 1.0.0 through 1.10.6 and 2.14.3. The vulnerability is fixed in 1.10.6 an...

7.5CVSS5.9AI score0.00391EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/06/23 1:16 p.m.9 views

CVE-2026-54892

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS0.00707EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/23 12:31 p.m.43 views

CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS0.00707EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/23 12:31 p.m.7 views

EUVD-2026-38446

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/23 12:31 p.m.8 views

CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/22 2:22 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the NestedParamsEncoder module through the dehash routine. An attacker can cause the application to crash and exhaust system resources by submitting a deeply nested query string that triggers uncontrolled...

8.7CVSS5.9AI score0.00391EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-51060

Name of the Vulnerable Software and Affected Versions Faraday versions prior to 2.14.2-2-g59334e0 Description Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder, decodes nested query strings without enforcing a maximum nesting depth. An attacker can provide a crafted...

7.8CVSS5.8AI score0.00391EPSS
Exploits1References17
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 10:18 a.m.10 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the API contact filtering due to insufficient recursive sanitization of nested query parameters. An attacker can execute arbitrary SQL commands and potentially access sensitive data or disrupt database integrity by...

7.1CVSS6.1AI score0.00224EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 8:16 a.m.17 views

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 6:58 a.m.11 views

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS6AI score0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:58 a.m.10 views

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS6AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 6:58 a.m.37 views

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/07/13 12:0 a.m.4 views

PT-2021-21349 · Unknown +2 · Ublock Origin +2

Name of the Vulnerable Software and Affected Versions: uBlock Origin versions prior to 1.36.2 nMatrix versions prior to 4.4.9 Description: The issue allows crafted web sites to cause a denial of service due to unbounded recursion, which can trigger memory consumption and a loss of all blocking...

7.5CVSS6.5AI score0.01261EPSS
Exploits1References20
RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.6 views

rubygem-activerecord: SQL injection when processing nested query paramaters

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5CVSS7.2AI score0.04174EPSS
Exploits2References4
Rows per page
Query Builder