Lucene search
K

14 matches found

NVD
NVD
added last week8 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

5.3CVSS0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added last week36 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

4.3CVSS0.00167EPSS
Exploits0References1
CVE
CVE
added last week20 views

CVE-2026-57925

JetBrains YouTrack before 2026.2.16593 has an improper access control vulnerability (CVE-2026-57925) that enables reading saved queries and tags. The root cause is access control weakness; attacker with network access and low privileges (CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U) can access sensitive dat...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52705

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows unauthorized reading of saved queries and tags. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/07 3:30 p.m.4 views

EUVD-2026-19632

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References3
NVD
NVD
added 2026/04/07 3:17 p.m.4 views

CVE-2026-5372

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS0.00203EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 2:10 p.m.1 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 2:10 p.m.10 views

CVE-2026-5372

CVE-2026-5372 describes a SQL injection in saved queries affecting the runZero Platform introduced in version 4.0.260123.0 and fixed in 4.0.260123.1. The issue is categorized as CWE-89 with CVSSv3.1 parameters: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H, indicating network access required, high attack c...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:10 p.m.19 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS0.00203EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:10 p.m.2 views

CVE-2026-5372

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30835

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References5
NVD
NVD
added 2025/12/03 1:16 p.m.5 views

CVE-2025-13109

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woofaddquery" and "woofremovequery" functions due to missing validation on a user controlled key. This makes it...

4.3CVSS0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/03 12:29 p.m.5 views

EUVD-2025-200981

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woofaddquery" and "woofremovequery" functions due to missing validation on a user controlled key. This makes it...

4.3CVSS5.3AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.7 views

PT-2025-48805

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof add query" and "woof remove query" functions due to missing validation on a user controlled key. This makes i...

4.3CVSS5.8AI score0.00224EPSS
Exploits0References3
Rows per page
Query Builder