7 matches found
CVE-2026-27886
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...
EUVD-2016-1430
Malware in sbrugna...
EUVD-2024-0362
Malicious code in bioql PyPI...
Remote Code Execution
dtale is vulnerable to Remote Code Execution (RCE) via the runquery function. The vulnerability is due to improper sanitization of the query parameter. An attacker can execute arbitrary code on the server by sending malicious input...
SUSE CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...