Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/05/20 7:57 p.m.9 views

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

8.8CVSS6.1AI score0.00365EPSS
Exploits0References1
osv
osv
added 2026/05/19 6:32 p.m.8 views

GHSA-XP6R-8PCC-XV5P BillaBear is Vulnerable to SQL Injection in the EventRepository

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

8.8CVSS6.1AI score0.00365EPSS
Exploits0References4
nvd
nvd
added 2026/05/19 4:16 p.m.12 views

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

8.8CVSS0.00365EPSS
Exploits0References3
euvd
euvd
added 2026/05/19 12:0 a.m.10 views

EUVD-2026-30946

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

6.1AI score0.00365EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/19 12:0 a.m.9 views

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

6.1AI score0.00365EPSS
Exploits0References4
Rows per page
Query Builder