Lucene search
K

4 matches found

NVD
NVD
added 2026/04/01 8:16 p.m.5 views

CVE-2026-34455

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

8.8CVSS0.0035EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/01 7:56 p.m.4 views

CVE-2026-34455 Hi.Events: SQL Injection via Unvalidated sort_by Query Parameter in Multiple Repository Classes

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

8.7CVSS5.8AI score0.0035EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/18 10:47 p.m.23 views

CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...

5.7CVSS0.0022EPSS
Exploits1References2
OSV
OSV
added 2023/12/13 9:15 p.m.3 views

ALPINE-CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue...

5.5CVSS7.4AI score0.00444EPSS
Exploits1References1
Rows per page
Query Builder