357 matches found
EUVD-2022-7239
Malicious code in bioql (PyPI)...
EUVD-2022-6591
Malicious code in bioql (PyPI)...
EUVD-2023-2151
Malicious code in bioql (PyPI)...
EUVD-2022-3370
Malicious code in bioql (PyPI)...
EUVD-2023-34971
Malicious code in bioql (PyPI)...
EUVD-2023-1957
Malicious code in bioql (PyPI)...
EUVD-2022-6979
Malicious code in bioql (PyPI)...
CVE-2025-50979
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
NodeBB < 4.3.2 SQLi Vulnerability
NodeBB is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodebb:nodebb";...
SQL Injection
Overview: nodebb is a package that utilizes web sockets for instant interactions and real-time notifications. Affected versions of this package are vulnerable to SQL Injection via the /api/v3/search/categories API endpoint when the search parameter is not properly sanitized. An attacker can execut...
GHSA-RFH2-8VXQ-JQR8 NodeBB SQL Injection vulnerability
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
NodeBB SQL Injection vulnerability
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
CVE-2025-50979
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
CVE-2025-50979
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
CVE-2025-50979
CVE-2025-50979 affects NodeBB v4.3.0 with a SQL injection in the /api/v3/search/categories endpoint due to an unsanitized search parameter. Unauthenticated, remote attackers can use boolean-based blind and PostgreSQL error-based payloads. Impact: high confidentiality, low integrity, low availabil...
CVE-2025-50979
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
CVE-2025-50979
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
NodeBB Security Vulnerability
NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB v4.3.0, which stems from improperly cleaned search query parameters in the search-categories API...
PT-2025-34905 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: NodeBB version 4.3.0 Description: NodeBB version 4.3.0 contains a SQL injection issue in the search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, potentially allowing unauthenticated,...
Malicious code in @zalastax/nolb-nodebb-w (npm)
The package @zalastax/nolb-nodebb-w was found to contain malicious code...