Lucene search
+L

220 matches found

Nuclei
Nuclei
added 16 hours ago24 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

8.8CVSS6.9AI score0.01195EPSS
Exploits0References4
Nuclei
Nuclei
added 16 hours ago40 views

XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

9.3CVSS9.2AI score0.02207EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-56287

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

8.1CVSS0.00696EPSS
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-57821

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS0.00791EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-57821

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS6.1AI score0.00791EPSS
Exploits1References4
OSV
OSV
added 2 days ago4 views

CVE-2026-57821 Apache Fineract: Office list: SQL Injection via Subquery in orderBy

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS6.1AI score0.00791EPSS
Exploits1References5
CVE
CVE
added 2 days ago25 views

CVE-2026-57821

Apache Fineract Office Search API (GET /api/v1/offices) is affected up to version 1.14.0. The vulnerability arises from a SQL injection in the orderBy parameter, which is concatenated into a SQL query without adequate validation. An authenticated user with permission to view offices can inject ar...

8.1CVSS6.1AI score0.00791EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2 days ago13 views

CVE-2026-56287

Summary: CVE-2026-56287 describes a boolean-based SQL Injection in Apache Fineract’s Client Search API (GET /api/v1/clients) affecting versions up to 1.14.0. The orderBy and sortOrder parameters are concatenated into a SQL query without sufficient validation, enabling an authenticated user to inj...

8.1CVSS6.1AI score0.00696EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2 days ago4 views

CVE-2026-56287 Apache Fineract: Boolean SQL Injection in Client Search API (orderBy parameter) leading to Local File Disclosure

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

8.1CVSS6.1AI score0.00696EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44603

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

8.1CVSS6.1AI score0.00696EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-58896

Name of the Vulnerable Software and Affected Versions Apache Fineract versions prior to 1.14.1 Description An authenticated user with permissions to view offices can perform a time-based blind SQL injection via the 'Office Search API' endpoint '/api/v1/offices'. The issue occurs because the order...

8.1CVSS6.2AI score0.00791EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-528 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.3AI score0.00281EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.8 views

CVE-2026-7211

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcpserver.py of the component Git Search API. Executing a manipulation of the argument repourl/pattern can lead to command injection. The attack can be executed remotel...

7.5CVSS6.9AI score0.01338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:28 a.m.8 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00288EPSS
Exploits0References6
NVD
NVD
added 2026/05/26 3:17 p.m.21 views

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00318EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/26 2:0 p.m.14 views

EUVD-2026-31829

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00318EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/26 2:0 p.m.12 views

CVE-2026-9552 Das Parking Management System 停车场管理系统 Search API Endpoint sql injection

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00318EPSS
Exploits0References4
CVE
CVE
added 2026/05/26 2:0 p.m.24 views

CVE-2026-9552

CVE-2026-9552 affects Das Parking Management System 6.2.0, specifically the Search API Endpoint. The vulnerability is a SQL injection triggered by manipulating the Value parameter, allowing remote exploitation. Public exploits exist. The vendor was contacted but did not respond. No remediation de...

7.5CVSS6.8AI score0.00318EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:0 p.m.11 views

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00318EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder