Lucene search
+L

38 matches found

GithubExploit
GithubExploit
added 2026/02/24 5:30 p.m.282 views

Exploit for CVE-2026-26198

versions 0.9.9 through 0.22.0, when performing Vulnerability...

9.8CVSS5.9AI score0.00915EPSS
Exploits2
OSV
OSV
added 2026/02/24 3:16 a.m.3 views

DEBIAN-CVE-2026-26198

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

7.5CVSS9.1AI score0.00915EPSS
Exploits2References1
NVD
NVD
added 2026/02/24 3:16 a.m.10 views

CVE-2026-26198

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS0.00915EPSS
Exploits2References3
OSV
OSV
added 2026/02/24 3:16 a.m.5 views

UBUNTU-CVE-2026-26198

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS7.4AI score0.00915EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/02/24 2:3 a.m.4 views

CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS5.9AI score0.00915EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/02/24 2:3 a.m.3 views

CVE-2026-26198

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS5.9AI score0.00915EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2026/02/24 2:3 a.m.22 views

CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS0.00915EPSS
Exploits2References3
EUVD
EUVD
added 2026/02/24 2:3 a.m.7 views

EUVD-2026-7409

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS5.8AI score0.00915EPSS
Exploits2References3
Debian CVE
Debian CVE
added 2026/02/24 2:3 a.m.50 views

CVE-2026-26198

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS9.1AI score0.00915EPSS
Exploits2
CVE
CVE
added 2026/02/24 2:3 a.m.41 views

CVE-2026-26198

CVE-2026-26198 — ormar (Python async ORM) is affected in versions 0.9.9 through 0.22.0. The vulnerability arises in aggregate queries where the ORM passes user-supplied column names directly into sqlalch emy.text() without validation for min() and max(), allowing attacker-controlled strings to be...

9.8CVSS5.8AI score0.00915EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/02/24 2:3 a.m.5 views

CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS6AI score0.00915EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.5 views

CVE-2026-26198

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS7.5AI score0.00915EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.13 views

ormar SQL注入漏洞

ORMar is a Python ORM library developed by Collerek’s individual developers. Versions of Ormar prior to 0.22.0 have a SQL injection vulnerability. This vulnerability stems from the min and max methods not verifying the column names entered by users, which may lead to SQL injection attacks...

9.8CVSS7.5AI score0.00915EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-26198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing...

9.8CVSS7.2AI score0.00915EPSS
Exploits2References3
Snyk
Snyk
added 2026/02/23 10:12 p.m.1 views

SQL Injection

Overview ormar is an An async ORM with fastapi in mind and pydantic validation. Affected versions of this package are vulnerable to SQL Injection via the min and max aggregate functions, which accept user-supplied column names without validation and pass them directly into SQL expressions. An...

9.8CVSS6.2AI score0.00915EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/02/23 10:12 p.m.7 views

ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief description When performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly int...

9.8CVSS6.3AI score0.00915EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2026/02/23 10:12 p.m.3 views

GHSA-XXH2-68G9-8JQR ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief description When performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly int...

9.8CVSS6.4AI score0.00915EPSS
Exploits2References5
FreeBSD
FreeBSD
added 2026/02/22 12:0 a.m.5 views

py-ormar -- vulnerabilities

https://github.com/ormar-orm/ormar/security/advisories reports: SQL Injection in aggregate functions min and max Pydantic Validation Bypass via pkonly and excluded Kwargs Injection in Model Constructor...

9.8CVSS7.4AI score0.01192EPSS
Exploits1References2
Rows per page
Query Builder