Lucene search
+L

933 matches found

Cvelist
Cvelist
added yesterday6 views

CVE-2026-8056 Parameter Injection Vulnerability in API Graph Execution Engine

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the applytweaks function...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-8056

Summary: IBM Langflow OSS 1.0.0–1.10.0 contains a parameter injection vulnerability in the API Graph Execution Engine. A flaw in the parameter filtering logic in the apply_tweaks() function allows authenticated users to override component parameters at runtime via the tweaks API, potentially exec...

8.8CVSS5.3AI score
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43589

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS6.1AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-12385 Smart Slider 3 <= 3.5.1.37 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via WP_Query Parameter Injection via 'keyword' Parameter

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS0.00242EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 11:44 p.m.7 views

GHSA-6W3M-4HHP-775Q KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping

Summary pkg/scalers/postgresqlscaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...

5.9CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/07/05 1:0 a.m.36 views

CVE-2026-14688 itsourcecode Online Hotel Management System login.php sql injection

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

7.5CVSS0.00281EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:35 p.m.6 views

Security Bulletin: Parameter Injection Vulnerability in API Graph Execution Engine

Summary A parameter injection vulnerability existed in the API Graph Execution Engine's tweaks processing mechanism. The vulnerability allowed authenticated attackers to bypass security controls and inject malicious parameters into flow components at runtime. An attacker with valid API credential...

8.8CVSS6AI score
Exploits0Affected Software1
NVD
NVD
added 2026/06/29 4:16 p.m.11 views

CVE-2026-13746

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

5.4CVSS0.0013EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

Tridium Niagara Use of GET Request Method With Sensitive Query Strings (CVE-2025-3943)

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11;...

7.5CVSS7.4AI score0.07416EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 4:17 p.m.17 views

CVE-2017-20270

CVE-2017-20270 affects the Joomla! Twitch Tv component 1.1, with an SQL injection vulnerability in the GET parameters username and id via index.php (option=com_twitchtv and view) that allows unauthenticated attackers to execute arbitrary SQL and extract sensitive data (credentials, configuration)...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
OSV
OSV
added 2026/06/11 12:22 p.m.9 views

USN-8421-1 ironic vulnerabilities

Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. A privileged authenticated remote user could use this issue to perform path traversal via a crafted ISO image and overwrite arbitrary files on the Ironic conductor...

8.1CVSS6AI score0.00601EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/11 12:22 p.m.12 views

USN-8421-1: Ironic vulnerabilities

Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. A privileged authenticated remote user could use this issue to perform path traversal via a crafted ISO image and overwrite arbitrary files on the Ironic conductor...

8.1CVSS5.9AI score0.00601EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

MCP Server Kubernetes 参数注入漏洞

MCP Server Kubernetes is an MCP server for Kubernetes management, developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.7.0 contained a parameter injection vulnerability. This vulnerability stemmed from the kubectl generic tool not performing a whitelist check on the tokens...

6.1CVSS5.4AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.25 views

NoMachine 参数注入漏洞

NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. Versions of NoMachine prior to 9.5.7 and 8.23.2 contained a parameter injection vulnerability. This vulnerability stemmed from improper of parameter separators in commands, which could lead to parameter...

7.3CVSS5.5AI score0.00131EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

NSA Ghidra 参数注入漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a parameter injection vulnerability. This vulnerability stemmed from improper escaping of the ‘cmd.exe’...

8.4CVSS5.4AI score0.00503EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 1:16 p.m.17 views

CVE-2026-11513

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47269

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search staff for deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed t...

6.5CVSS6.4AI score0.002EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/06 12:31 a.m.10 views

EUVD-2026-34930

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS5.8AI score0.00352EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6795

URL redirection to untrusted site 'open redirect' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

9.6CVSS5.3AI score0.00233EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Ansible 参数注入漏洞

Ansible is an easy-to-use IT automation system developed under the open source license of Ansible. Ansible has a parameter injection vulnerability, which stems from improper use of the parameter separator in the ansible-galaxy role install command, allowing arbitrary code to execute...

7.8CVSS5.6AI score0.00156EPSS
Exploits0References3
Rows per page
Query Builder