Lucene search

453 matches found

OSV | added 2018/05/31 8:29 p.m. | 10 views

CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

CVSS 9.8 | AI score 9.8 | Exploits 0 | References 2
NVD | added 2018/05/31 8:29 p.m. | 16 views

CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

CVSS 9.8 | AI score 9.5 | EPSS 0.01913 | Exploits 0 | References 2
NVD | added 2018/05/31 8:29 p.m. | 34 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

CVSS 9.8 | AI score 9.7 | EPSS 0.01285 | Exploits 0 | References 2
OSV | added 2018/05/31 8:29 p.m. | 13 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

CVSS 9.8 | AI score 10 | Exploits 0 | References 2
Prion | added 2018/05/31 8:29 p.m. | 10 views

SQL injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

CVSS 7.5 | AI score 8.1 | EPSS 0.01285 | Exploits 0 | References 2 | Affected Software 1
Prion | added 2018/05/31 8:29 p.m. | 8 views

Input validation

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

CVSS 7.5 | AI score 7.6 | EPSS 0.01913 | Exploits 0 | References 2 | Affected Software 1
CVE | added 2018/05/31 8:00 p.m. | 55 views

CVE-2016-10550

The CVE-2016-10550 issue affects sequelize (ORM for Node.js) where user input into limit or order parameters can be used to inject SQL. Concrete details across documents show affected version: 3.16.0 and earlier. Root cause is improper handling of input in query construction, enabling SQL stateme...

CVSS 9.8 | AI score 9.5 | EPSS 0.01913 | Exploits 0 | References 2 | Affected Software 1
CVE | added 2018/05/31 8:00 p.m. | 53 views

CVE-2016-10553

CVE-2016-10553 affects the Node.js ORM sequelize. The vulnerability is a SQL injection when user input is concatenated into queries, specifically in patterns like findOne or where: "user input". Affected versions are the pre-3.0 releases; the recommended fix is to upgrade to version 3.0.0 or lat...

CVSS 9.8 | AI score 9.7 | EPSS 0.01285 | Exploits 0 | References 2 | Affected Software 1
CVE | added 2018/05/31 8:00 p.m. | 56 views

CVE-2016-10554

The CVE concerns sequelize (Node.js ORM). Before 1.7.0-alpha3, sequelize defaults SQLite to MySQL backslash escaping, even though SQLite uses PostgreSQL escaping, creating a SQL injection risk when Sequelize connects to SQLite. Affected: sequelize versions prior to 1.7.0-alpha3. Root cause: escap...

CVSS 9.8 | AI score 9.5 | EPSS 0.01913 | Exploits 0 | References 2 | Affected Software 1
Cvelist | added 2018/05/31 8:00 p.m. | 19 views

CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

AI score 9.6 | EPSS 0.01913 | Exploits 0 | References 2
Cvelist | added 2018/05/31 8:00 p.m. | 30 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

AI score 9.8 | EPSS 0.01285 | Exploits 0 | References 2
Cvelist | added 2018/05/31 8:00 p.m. | 27 views

CVE-2016-10554

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

AI score 9.6 | EPSS 0.01913 | Exploits 0 | References 2
CNVD | added 2018/05/31 12:00 a.m. | 3 views

sequelize SQL Injection Vulnerability

sequelize is a database ORM (Object Relational Mapping) tool for Node.js. An SQL injection vulnerability exists in sequelize 3.19.3 and earlier versions, which originates when the program uses an array as a string and fails to encode it correctly. The vulnerability can be exploited to remove IDs wi...

CVSS 7.5 | AI score 7.9 | EPSS 0.01342 | Exploits 1 | References 1
Prion | added 2018/05/29 8:29 p.m. | 15 views

SQL injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

CVSS 5 | AI score 8 | EPSS 0.01342 | Exploits 1 | References 2 | Affected Software 1
NVD | added 2018/05/29 8:29 p.m. | 22 views

CVE-2016-10556

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

CVSS 7.5 | AI score 7.8 | EPSS 0.01342 | Exploits 1 | References 2
OSV | added 2018/05/29 8:29 p.m. | 16 views

CVE-2016-10556

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

CVSS 7.5 | AI score 8.1 | Exploits 0 | References 2
CVE | added 2018/05/29 8:00 p.m. | 63 views

CVE-2016-10556

CVE-2016-10556 affects the Sequelize ORM for Node.js (v3.19.3 and earlier). The issue: when an array is used as a string in a query, Sequelize incorrectly escapes it, causing a SQL injection in Postgres, SQLite, and MSSQL. The PoC shows a crafted replacements value leading to a query like: SELECT...

CVSS 7.5 | AI score 7.7 | EPSS 0.01342 | Exploits 1 | References 2 | Affected Software 1
Cvelist | added 2018/05/29 8:00 p.m. | 24 views

CVE-2016-10556

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

AI score 7.8 | EPSS 0.01342 | Exploits 1 | References 2
n0where | added 2018/03/19 12:40 a.m. | 32 views

Intentionally Insecure Webapp for Security Training: OWASP Juice Shop

OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. It was the first application written entirely in JavaScri...

AI score 0.4 | Exploits 0 | References 6
OSV | added 2017/10/24 6:33 p.m. | 8 views

GHSA-XQG8-CV3H-XPPV SQL Injection in sequelize

Versions 2.0.0-rc-7 and earlier of sequelize are affected by a SQL injection vulnerability when user input is passed into the order parameter. Proof of Concept (javascript): Test.findAndCountAll({ where: { id: 1 }, order: ['id', 'UNTRUSTED USER INPUT'] }). Recommendation: Update to version 2.0.0-rc8 or later...

CVSS 7.5 | AI score 7.2 | EPSS 0.02174 | Exploits 1 | References 7