
581 matches found

Nuclei
added yesterday, 20 views

XWiki Platform - SQL Injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...

CVSS 9.8, AI score 7.3, EPSS 0.8541
Exploits 6, References 2
EUVD
added 3 days ago, 5 views

EUVD-2026-40295

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...

CVSS 9.8, AI score 5.8, EPSS 0.0035
Exploits 0, References 2
Cvelist
added 3 days ago, 30 views

CVE-2026-13766 DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...

EPSS 0.0035
Exploits 0, References 2
Positive Technologies
added 3 days ago, 6 views

PT-2026-53847

Name of the Vulnerable Software and Affected Versions DBIx::QuickORM versions prior to 0.000026 Description An issue exists where SQL identifiers are emitted verbatim into generated queries without proper quoting or escaping. This occurs because the default SQL builder, a SQL::Abstract subclass,...

CVSS 9.8, AI score 5.8, EPSS 0.0035
Exploits 0, References 7
CVE
added 2026/06/23 8:36 p.m., 18 views

CVE-2026-47375

CVE-2026-47375 (NocoDB): A Postgres-backed deployment is vulnerable to authenticated SQL injection through the ARRAYSORT formula when a user with columnAdd permission supplies a malicious second argument. The issue arises because the attacker-controlled value is embedded into a knex.raw ORDER BY...

CVSS 6, AI score 6, EPSS 0.00215
Exploits 0, References 1
OSV
added 2026/06/19 7:18 p.m., 6 views

GHSA-9GGV-8W38-R7PM TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)

Impact Blind SQL injection vulnerability in UpdateQueryBuilder and SoftDeleteQueryBuilder affecting MySQL and MariaDB users. UpdateQueryBuilder and SoftDeleteQueryBuilder including their addOrderBy variants do not validate the order parameter against an allowlist of permitted values ASC/DESC. The...

CVSS 5.9, AI score 6
Exploits 0, References 4
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in SQLite3

In SQLite 3.30.1, the exprListAppendList function in the window.c file allows attackers to trigger an invalid pointer dereferencing issue, as constant integer values in ORDER BY clauses of window definitions are handled incorrectly...

CVSS 7.5, AI score 6.9, EPSS 0.06937
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Mariadb 10.3

In MariaDB, the getsortbytable function before version 10.6.2 allows an application to crash due to certain uses of the ORDER BY clause...

CVSS 5.5, AI score 7.1, EPSS 0.00393
Exploits 1, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in SQLite3

In SQLite before version 3.32.3, select.c improperly handled the query-flattener optimization, resulting in a multiSelectOrderBy heap overflow due to the misuse of transitive properties for constant propagation...

CVSS 5.5, AI score 6.8, EPSS 0.01027
Exploits 1, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in SQLite3

In SQLite version 3.31.1, the ALTER TABLE implementation contains a use-after-free issue, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...

CVSS 9.8, AI score 6.9, EPSS 0.07407
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in SQLite3

In SQLite 3.30.1, the sqlite3Select function in select.c can cause a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usages...

CVSS 7.5, AI score 7.9, EPSS 0.03333
Exploits 0, References 2
Github Security Blog
added 2026/06/12 9:00 p.m., 14 views

Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint

Summary A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets nodekey, orbitnodekey through a cursor-based binary search oracle. The endpoint accepted a user-supplied orderkey parameter that w...

AI score 5.4, EPSS 0.00032
Exploits 0, References 2, Affected Software 1
OSV
added 2026/06/12 9:00 p.m., 6 views

GHSA-VXM7-9X8V-8GM4 Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint

Summary A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets nodekey, orbitnodekey through a cursor-based binary search oracle. The endpoint accepted a user-supplied orderkey parameter that w...

CVSS 6.5, AI score 5.4, EPSS 0.00032
Exploits 0, References 2
Positive Technologies
added 2026/06/12 12:00 a.m., 13 views

PT-2026-49056

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.85.0 Description Authenticated users with the lowest-privilege Observer role can extract host enrollment secrets, specifically node key and orbit node key, using a cursor-based binary search oracle. The issue exists i...

CVSS 6.5, AI score 5.9, EPSS 0.00032
Exploits 0, References 4
GithubExploit
added 2026/06/09 1:19 p.m., 54 views

Exploit for CVE-2026-00000

CVE-2026-00000 Boolean-blind SQL injection Description...

AI score 5.6
Exploits 1
ATTACKERKB
added 2026/06/08 12:45 a.m., 7 views

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

CVSS 6.5, AI score 6.5, EPSS 0.00204
Exploits 0, References 7, Affected Software 1
CNNVD
added 2026/06/08 12:00 a.m., 10 views

jflyfox jfinal_cms Injection Vulnerability

jflyfox jfinalcms is a powerful information consulting website developed by jflyfox as open source. It uses the concise and robust JFinal as the web framework, Beetl as the template engine, MySQL as the database, and the Bootstrap framework for the front end. Versions of jflyfox jfinalcms 5.1.0 a...

CVSS 6.5, AI score 6.6, EPSS 0.00204
Exploits 0, References 1
RedhatCVE
added 2026/06/07 8:59 a.m., 18 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 4.9, AI score 5.7, EPSS 0.00259
Exploits 0, References 1
Cvelist
added 2026/06/06 4:28 a.m., 38 views

CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 6.5, EPSS 0.00325
Exploits 0, References 12
Cvelist
added 2026/06/06 2:28 a.m., 37 views

CVE-2026-8978 OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 4.9, EPSS 0.00259
Exploits 0, References 5