21 matches found

Positive Technologies
added 2026/06/24 12:0 a.m., 7 views

PT-2026-52093

🚨 CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOn...

9.1 CVSS, 5.8 AI score, 0.00289 EPSS
Exploits: 0, References: 4

Veracode
added 2026/06/18 7:54 a.m., 61 views

NoSQL Injection

Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting e.g., ^\Q?0\E$ and manipulate...

5.9 CVSS, 5.3 AI score, 0.00262 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2026/04/17 10:16 p.m., 6 views

CVE-2026-40352

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privilege...

8.8 CVSS, 0.0038 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2026/03/26 3:4 p.m., 4 views

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1 CVSS, 5.9 AI score, 0.00215 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/16 2:19 p.m., 3 views

CVE-2026-3023

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

8.8 CVSS, 0.00329 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/16 2:19 p.m., 4 views

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1 CVSS, 0.00215 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/16 10:12 a.m., 11 views

CVE-2026-3023

CVE-2026-3023 affects the Wakyma web application, specifically the endpoint VetS.wakyma.com/pets/print-tags. The issue is a NoSQL injection (NoSQLi) in a POST request that authenticated users can abuse to inject NoSQL commands, enabling listing of pets and owner names. Multiple connected entries ...

8.8 CVSS, 5.9 AI score, 0.00329 EPSS
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/03/16 10:11 a.m., 3 views

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1 CVSS, 5.9 AI score, 0.00215 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/16 10:11 a.m., 14 views

CVE-2026-3022

The CVE-2026-3022 entry concerns the Wakyma web application. A NoSQL injection (NoSQLi) vulnerability exists in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary, where an authenticated user can modify a POST request to inject NoSQL commands and potentially access cust...

7.1 CVSS, 5.9 AI score, 0.00215 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/16 10:11 a.m., 28 views

CVE-2026-3021 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1 CVSS, 0.00215 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/03/16 12:0 a.m., 2 views

PT-2026-25670

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1 CVSS, 5.8 AI score, 0.00215 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/03/16 12:0 a.m., 6 views

Wakyma security vulnerability

Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/pets/print-tags. This vulnerability could allow authenticated users to list pets and...

8.8 CVSS, 5.8 AI score, 0.00329 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/03/16 12:0 a.m., 6 views

Wakyma security vulnerability

Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/centro/equipo/empleado. This vulnerability could allow authenticated users to enumerate...

7.1 CVSS, 5.8 AI score, 0.00215 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/03/16 12:0 a.m., 9 views

Wakyma security vulnerability

Wakyma is a pet management app developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary. This vulnerability could allow authenticated...

7.1 CVSS, 5.8 AI score, 0.00215 EPSS
Exploits: 0, References: 1

OSV
added 2026/03/12 2:47 p.m., 3 views

BIT-PARSE-2026-30941 Parse Server has a NoSQL injection via token type in password reset and email verification endpoints

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email verification...

8.7 CVSS, 5.8 AI score, 0.00455 EPSS
Exploits: 0, References: 4

OSV
added 2026/02/09 9:5 p.m., 6 views

CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...

9.3 CVSS, 5.5 AI score, 0.00337 EPSS
Exploits: 0, References: 3

GithubExploit
added 2026/02/06 6:59 p.m., 180 views

Bugbounty-Scanner-Suite

Bugbounty Scanner Suite All-in-one tool for automat...

5.5 AI score
Exploits: 0

EUVD
added 2025/10/10 12:30 p.m., 6 views

EUVD-2025-33715

The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database...

7.5 AI score, 0.00272 EPSS
Exploits: 0, References: 2

NVD
added 2025/08/15 1:15 p.m., 9 views

CVE-2025-9053

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the publ...

9.8 CVSS, 0.00415 EPSS
Exploits: 1, References: 5

OSV
added 2024/10/29 10:15 p.m., 2 views

CVE-2024-48573

A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature...

9.8 CVSS, 5.8 AI score, 0.01 EPSS
Exploits: 2, References: 1