Lucene search
+L

14 matches found

CVE
CVE
added 2026/01/23 6:31 a.m.105 views

CVE-2026-0603

CVE-2026-0603 : A second-order SQL injection vulnerability in Hibernate Core via the InlineIdsOrClauseBuilder allows a remote attacker with low privileges to craft non-alphanumeric IDs to read sensitive data (e.g., system files) and manipulate or delete data, causing an application‑level denial o...

8.3CVSS5.7AI score0.00782EPSS
Exploits1References9
Snyk
Snyk
added 2026/01/19 10:10 a.m.10 views

SQL Injection

Overview org.hibernate:hibernate-core is a library providing Object/Relational Mapping ORM support to applications, libraries, and frameworks. Affected versions of this package are vulnerable to SQL Injection via the InlineIdsOrClauseBuilder component when unsanitized non-alphanumeric characters...

8.7CVSS6AI score0.00782EPSS
Exploits1References2
Prion
Prion
added 2023/10/23 12:15 a.m.18 views

Code injection

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...

7.5CVSS9.3AI score0.00656EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:17 p.m.23 views

Incorrect Authorization in Dolibarr

core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...

8.8CVSS6.7AI score0.01955EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 3:18 a.m.23 views

GHSA-4X63-3P7Q-XMH7 Jenkins HTML Publisher Plugin path traversal vulnerability

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. In version 1.16, non-alphanumeric characters in report names a...

6.5CVSS6.3AI score0.02714EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2021/11/24 12:0 a.m.36 views

rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse

oooooooq reports: The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names...

7.5CVSS7.6AI score0.02931EPSS
Exploits1References1
OSV
OSV
added 2020/05/06 7:15 p.m.16 views

CVE-2020-12669

core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...

8.8CVSS6.5AI score
Exploits0References2
Veracode
Veracode
added 2020/03/18 6:7 a.m.25 views

Cross-site Scripting (XSS)

sockjs is vulnerable to cross-site scripting XSS. The attack exists because it does sanitize the callback parameter in lib/transport/htmlfile.js for non-alphanumeric symbols, allowing an attacker to inject malicious scripts...

6.1CVSS3AI score0.01886EPSS
Exploits1References4Affected Software1
OpenVAS
OpenVAS
added 2012/08/09 12:0 a.m.31 views

RedHat Update for sudo RHSA-2012:1149-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.6CVSS6.5AI score0.00435EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2012/08/08 12:0 a.m.33 views

CentOS 5 : sudo (CESA-2012:1149)

An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

5.6CVSS5.8AI score0.00435EPSS
Exploits1References2
Cent OS
Cent OS
added 2012/08/07 5:20 p.m.67 views

sudo security update

CentOS Errata and Security Advisory CESA-2012:1149 An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

5.6CVSS5.9AI score0.00435EPSS
Exploits1References7
Saint
Saint
added 2011/01/05 12:0 a.m.258 views

SSH password weakness

Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

7.5CVSS9.9AI score0.53618EPSS
Exploits41
CVE
CVE
added 2007/07/06 6:0 p.m.48 views

CVE-2007-3596

CVE-2007-3596 affects phpVideoPro up to version 0.8.7 (before 0.8.8). The vulnerability is in inc/vul_check.inc where the sess_id parameter accepts non‑alphanumeric characters. The impact is described as unknown (no explicit impact or attack vector details beyond a likely cross‑site scripting sug...

4.3CVSS6.2AI score0.01081EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.28 views

CVE-2001-1497

Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password...

6.4AI score0.02047EPSS
Exploits0References4
Rows per page
Query Builder