Lucene search
K

154 matches found

CVE
CVE
added 6 days ago7 views

CVE-2026-39178

The CVE-2026-39178 issue affects SOGo up to version 5.12.6, where the contact search component exposes a SQL injection via the allContactSearch endpoint’s search parameter. The root cause is insufficient protection of the SQL query structure, enabling authenticated users to execute arbitrary SQL ...

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 3:51 p.m.6 views

EUVD-2026-40132

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

3.6CVSS5.9AI score0.0013EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 11:48 a.m.5 views

BIT-MONGODB-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:17 p.m.11 views

CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS0.00368EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.7 views

UBUNTU-CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:17 p.m.9 views

CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 10:17 p.m.41 views

CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS0.00368EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/09 10:17 p.m.10 views

Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48300

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description An authenticated user can cause a server crash or the return of incorrect results by creating documents that interfere with internal metadata processing during query execution. This issue is...

7.1CVSS5.5AI score0.00368EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from insufficie...

7.1CVSS5.3AI score0.00368EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Rapid7 Velociraptor 注入漏洞

Rapid7 Velociraptor is a digital forensics and incident response platform provided by Rapid7, Inc. Versions of Rapid7 Velociraptor prior to 0.76.6 contained an injection vulnerability. This vulnerability stemmed from YAML injections in Windows.Collectors.Remapping artifacts. The host name field w...

7.8CVSS5.7AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 2:16 p.m.12 views

CVE-2026-42097

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS0.00941EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/05/19 12:59 p.m.48 views

CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS0.00941EPSS
Exploits2References4
EUVD
EUVD
added 2026/05/19 12:59 p.m.10 views

EUVD-2026-30931

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS6AI score0.00941EPSS
Exploits3References4
CVE
CVE
added 2026/05/19 12:59 p.m.23 views

CVE-2026-42097

Sparx products show multiple CVEs with concrete details across Pro Cloud Server and Enterprise Architect. CVE-2026-42097 describes an authentication bypass: a request can omit the model parameter and embed the model name in a POST blob, enabling SQL query execution without authentication. CVE-202...

9.3CVSS6AI score0.00941EPSS
Exploits2References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:0 p.m.8 views

CVE-2026-43937

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...

8.8CVSS6.1AI score0.00488EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-38087

Name of the Vulnerable Software and Affected Versions Rucio versions 1.30.0 through 35.8.4 Rucio versions 38.x through 38.5.4 Rucio versions 39.x through 39.4.1 Rucio versions 40.x through 40.1.0 Description An issue exists in the FilterEngine.create postgres query function where authenticated...

9.9CVSS6.6AI score0.00301EPSS
Exploits0References8
NVD
NVD
added 2026/04/27 8:16 p.m.7 views

CVE-2026-5394

An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3...

7CVSS0.00346EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/17 6:31 a.m.5 views

EUVD-2026-23368

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product...

6.3CVSS6.1AI score0.00179EPSS
Exploits0References3
Rows per page
Query Builder