177 matches found
CVE-2026-43938 YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger YAFNET.Core/Logger/DbLogger.cs captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...
CVE-2026-43938
Summary (supported): CVE-2026-43938 affects YetAnotherForum.NET (YAF.NET) prior to 4.0.5 and 3.2.12. The database logger captures the request’s User-Agent into a JSON object and stores it in EventLog.Description. When an admin views the EventLog, the code deserializes that JSON and interpolates t...
CVE-2026-43938 YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger YAFNET.Core/Logger/DbLogger.cs captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...
📄 Hibernate ORM 5.6.15 SQL Injection
Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability. CVE-2026-0603 Hibernate ORM Injection / Second-Order SQL Injection ★ CVE-2026-0603 Hibernate SQL Injection PoC ★ https://github.com/user-attachments/assets/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f Overview...
GHSA-33GV-FC78-QGF5 YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
Description: Stored second-order Cross-Site Scripting XSS occurs when attacker-controlled input is persisted through one component of an application and later rendered, without proper sanitization or contextual output encoding, by a completely different component — often one that implicitly trust...
xsslab
Dalfox XSS Lab Stored XSS / second-order XSS laboratory for i...
CVE-2026-40871
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
CVE-2026-40871
CVE-2026-40871 affects the mailcow: dockerized project. Versions prior to 2026-03b are vulnerable to a second-order SQL injection in the quarantine_category field exposed via the Mailcow API, specifically at the /api/v1/add/mailbox endpoint. The input is stored without validation and later used b...
EUVD-2026-24253
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
SQLi
SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...
Exploit for CVE-2025-68999
CVE-2025-68999 Happy Addons for Elementor = 3.20.4 —...
CVE-2026-39319
ChurchCRM exposes a second-order SQL injection in /FundRaiserEditor.php prior to 7.1.0. An authenticated user with low privileges can inject via the iCurrentFundraiser PHP session parameter to read or modify database data. The issue is fixed in 7.1.0. CVSS v3.1 shows High impact (C/H/I/A) with Ne...
CVE-2026-39319
ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authenticated but doesn't need any privileges. These users can inject arbitrary SQL statements through th...
CVE-2026-39319 ChurchCRM has a Second Order SQLI via FundRaiserEditor.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authenticated but doesn't need any privileges. These users can inject arbitrary SQL statements through th...
SUSE CVE-2026-34385
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
CVE-2026-25773
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
CVE-2026-34934
CVE-2026-34934 is reserved, but connected data details a concrete vulnerability in PraisonAI. The GitHub advisory GHSA-9CQ8-3V94-434G reports a second-order SQL injection in PraisonAI’s get_all_user_threads flow. The flaw: get_all_user_threads builds raw SQL via f-strings using unescaped thread I...
CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...