14 matches found
CVE-2026-57925
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
CVE-2026-57925
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
CVE-2026-57925
JetBrains YouTrack before 2026.2.16593 has an improper access control vulnerability (CVE-2026-57925) that enables reading saved queries and tags. The root cause is an access control weakness; an attacker with network access and low privileges (CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U) can access sensitive dat...
PT-2026-52705
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2026.2.16593. Description: Improper access control allows unauthorized reading of saved queries and tags. Recommendations: Update to version 2026.2.16593...
EUVD-2026-19632
An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...
CVE-2026-5372
An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...
CVE-2026-5372 runZero Platform SQL injection in saved queries
An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...
CVE-2026-5372
CVE-2026-5372 describes a SQL injection in saved queries affecting the runZero Platform introduced in version 4.0.260123.0 and fixed in 4.0.260123.1. The issue is categorized as CWE-89 with CVSSv3.1 parameters: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H, indicating network access required, high attack c...
CVE-2026-5372 runZero Platform SQL injection in saved queries
An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...
CVE-2026-5372
An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...
PT-2026-30835
An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...
CVE-2025-13109
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes it...
EUVD-2025-200981
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes it...
PT-2025-48805
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes i...