Lucene search
K

8 matches found

NVD
NVD
added 2026/06/10 10:17 p.m.13 views

CVE-2026-48011

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...

3.7CVSS0.00223EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.5 views

CVE-2026-34220

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6....

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 3:19 p.m.13 views

CVE-2026-34220

CVE-2026-34220 affects mikro-orm (TypeScript ORM for Node.js). A SQL injection vulnerability exists in versions prior to 6.6.10 and 7.0.6, triggered when specially crafted objects are interpreted as raw SQL query fragments during ORM write APIs (e.g., wrap(entity).assign(userInput) followed by em...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/31 3:19 p.m.26 views

CVE-2026-34220 MikroORM is vulnerable to SQL Injection via specially crafted object

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6....

9.3CVSS0.00426EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 3:17 p.m.7 views

CVE-2026-34221 MikroORM has Prototype Pollution in Utils.merge

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...

8.3CVSS5.8AI score0.00377EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 3:17 p.m.29 views

CVE-2026-34221 MikroORM has Prototype Pollution in Utils.merge

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...

8.3CVSS0.00377EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 6:49 p.m.9 views

CVE-2026-31887 Shopware unauthenticated data extraction possible through store-api.order endpoint

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8...

8.9CVSS5.8AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2018/12/07 9:29 p.m.3 views

CVE-2018-7066

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the...

9CVSS6.1AI score0.03483EPSS
Exploits0References1
Rows per page
Query Builder