Lucene search
+L

538 matches found

Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-63085 Axelor Open Platform 8.x < 8.2.2 Authorization Bypass via Nested Relational Record Persistence

Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrictions on nested relational save operations. Attackers can modify sensitive User record fields such...

8.8CVSS0.00371EPSS
Exploits0References3
CVE
CVE
added 2 days ago6 views

CVE-2026-63085

Axelor Open Platform 8.x prior to 8.2.2 contains an authorization bypass vulnerability. Authenticated non-admins can escalate privileges by exploiting unenforced field restrictions on nested relational save operations, enabling modification of sensitive User fields (roles, groups) through a relat...

8.8CVSS6.1AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-52093

🚨 CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOn...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/23 5:43 p.m.9 views

Improper Neutralization of Special Elements in Data Query Logic

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the enrichContext process. An attacker can access and modify all documents in connected NoSQL databases by injecting crafted...

10CVSS5.8AI score0.00538EPSS
Exploits2References3
Veracode
Veracode
added 2026/06/18 7:54 a.m.64 views

NoSQL Injection

Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting e.g., ^\Q?0\E$ and manipulate...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2026-41697

A flaw was found in Spring Data Relational. This vulnerability allows a remote attacker to perform boolean-based blind data inference by supplying wildcard characters in externally-controlled input when using StringMatcher in Query By Example QBE. This can lead to the disclosure of sensitive...

4.8CVSS5.7AI score0.00227EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:31 a.m.13 views

EUVD-2026-35893

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.16 views

CVE-2026-41697

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

VMware Spring Data Relational 安全漏洞

VMware Spring Data Relational is a relational database access framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Relational, which stems from the improper escaping of external control inputs when using StringMatcher in Query By Example. Attackers can use...

4.8CVSS5.3AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.10 views

CVE-2026-41697 Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.43 views

CVE-2026-41697 Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.49 views

CVE-2026-41697

CVE-2026-41697 affects Spring Data Relational/JDBC/R2DBC across multiple versions (4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.4.0–2.4.19). The root cause is improper escaping of binding values for StringMatcher (STARTING, ENDING, CONTAINING)...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.28 views

PT-2026-48313

Name of the Vulnerable Software and Affected Versions Spring Data Relational/JDBC/R2DBC versions 4.0.0 through 4.0.5 Spring Data Relational/JDBC/R2DBC versions 3.5.0 through 3.5.11 Spring Data Relational/JDBC/R2DBC versions 3.4.0 through 3.4.14 Spring Data Relational/JDBC/R2DBC versions 3.3.0...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 12:0 a.m.9 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via Query By Example QBE StringMatcher handling. An attacker can perform boolean-based blind data inference by supplying wildcard characters in externally controlled input used to populate a QBE probe. When...

6.3CVSS5.9AI score0.00227EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.10 views

cve-2026-41697 - MEDIUM - Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern

cve-2026-41697 - MEDIUM - Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern...

4.8CVSS6.1AI score0.00227EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/01 1:7 p.m.132 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Strapi PoC For authorized security testing o...

9.2CVSS5.8AI score0.00612EPSS
Exploits5
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:5 a.m.9 views

net: rds: fix MR cleanup on copy error

...

7.8CVSS5.4AI score0.00129EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.20 views

Important: kernel-livepatch-6.1.168-203.330

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.1.168-203.330 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS5.2AI score0.00269EPSS
Exploits3
NVD
NVD
added 2026/05/20 10:16 p.m.22 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS0.00295EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.19 views

PT-2026-42269

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References3
Rows per page
Query Builder