VulnCheck KEV: CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

CVE-2026-49490 OpenCATS - SQL Injection in DataGrid Filter Handling for Tags Column

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

EUVD-2022-46063

Malicious code in bioql PyPI...

EUVD-2022-50726

Malicious code in bioql PyPI...

EUVD-2022-46067

Malicious code in bioql PyPI...

EUVD-2022-46064

Malicious code in bioql PyPI...

EUVD-2022-46065

Malicious code in bioql PyPI...

EUVD-2023-30638

Malicious code in bioql PyPI...

EUVD-2023-30637

Malicious code in bioql PyPI...

EUVD-2023-30639

Malicious code in bioql PyPI...

CVE-2023-27295

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited...

CVE-2022-48013

Opencats v0.9.7 was discovered to contain a stored cross-site scripting XSS vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields...

CVE-2022-43019

OpenCATS v0.9.6 was discovered to contain a remote code execution RCE vulnerability via the getDataGridPager's ajax functionality...

CVE-2022-43015

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the entriesPerPage parameter...

CVE-2022-43017

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the indexFile component...

CVE-2022-43016

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the callback component...

CVE-2022-43014

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the joborderID parameter...

CVE-2022-43018

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the email parameter in the Check Email function...

CVE-2021-25294

OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an destruct magic metho...

CVE-2019-13358

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...