Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2026/05/20 9:36 p.m.5 views

EUVD-2026-31199

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.8AI score0.00037EPSS
Exploits1References2
CVE
CVEadded 2026/05/20 9:36 p.m.12 views

CVE-2026-40102

The CVE concerns Plane, an open-source project management tool. In versions ≤1.3.0, SavedAnalyticEndpoint accepts a user-controlled segment value and forwards it to a Django F() expression without validation, causing ORM Field Reference Injection. An authenticated workspace MEMBER can call GET /a...

6.5CVSS5.8AI score0.00037EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/03/26 7:34 p.m.22 views

CVE-2026-33530 InvenTree Vulnerable to ORM Filter Injection

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the database. The bulk operation API endpoints e.g. /api/part/, /api/stock/,...

7.7CVSS0.00041EPSS
Exploits0References2
GithubExploit
GithubExploitadded 2025/12/05 3:38 a.m.145 views

Exploit for SQL Injection in Djangoproject Django

CTF Challenge: Django ORM Injection CVE-2025-64459 Catego...

9.1CVSS7.4AI score0.00296EPSS
Exploits10
OSV
OSVadded 2022/12/02 12:15 p.m.1 views

CVE-2022-2808

Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11...

8.8CVSS5.8AI score0.00283EPSS
Exploits0References1
Gitee
Giteeadded 2019/10/22 11:22 p.m.4 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...

9.8CVSS8.4AI score0.94468EPSS
Exploits47
Kitploit
Kitploitadded 2018/06/02 2:10 p.m.27 views

BurpBounty - A Extension Of Burp Suite That Improve An Active And Passive Scanner

This extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue...

8AI score
Exploits0References1
Rows per page
Query Builder