Lucene search
K

216712 matches found

NVD
NVD
added 2026/04/03 11:17 p.m.3 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS0.00656EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.3 views

CVE-2026-5368

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

9.8CVSS6.8AI score0.00333EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 10:49 p.m.2 views

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS5.8AI score0.00533EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 10:39 p.m.1 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/03 10:39 p.m.14 views

CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS0.00656EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/03 10:39 p.m.7 views

EUVD-2026-18903

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References3
CVE
CVE
added 2026/04/03 10:39 p.m.20 views

CVE-2026-34612

Kestra (open-source event-driven orchestration platform) prior to version 1.3.7 contains a SQL Injection that enables Remote Code Execution via the GET /api/v1/main/flows/search endpoint. After authentication, a crafted link can trigger payload execution by PostgreSQL using COPY ... TO PROGRAM .....

9.9CVSS6.1AI score0.00656EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/03 10:37 p.m.15 views

CVE-2026-34788 Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

6.5CVSS0.00343EPSS
Exploits1References1
NVD
NVD
added 2026/04/03 10:16 p.m.2 views

CVE-2026-27834

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...

7.2CVSS0.00372EPSS
Exploits1References3
OSV
OSV
added 2026/04/03 9:57 p.m.3 views

GHSA-MMM5-3G4X-QW39 OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals

Description Six confrontarighe.php files across different modules in OpenSTAManager fetchArray 'SELECT mgarticolilang.title, mgarticoli.codice, inrigheinterventi. FROM inrigheinterventi INNER JOIN...

8.8CVSS6.2AI score0.00416EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/03 9:36 p.m.0 views

CVE-2026-27885 Piwigo: SQL Injection in Activity.getList

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including...

7.2CVSS5.8AI score0.00364EPSS
Exploits1References3
CVE
CVE
added 2026/04/03 9:36 p.m.7 views

CVE-2026-27885

CVE-2026-27885 affects Piwigo prior to version 16.3.0. A SQL injection vulnerability exists in the Activity.getList/API endpoint, exploitable by an authenticated administrator which can lead to leakage of sensitive data (user credentials, email addresses, and all stored content). The root cause i...

7.2CVSS5.8AI score0.00364EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/03 9:35 p.m.14 views

CVE-2026-27834 Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...

7.2CVSS0.00372EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:35 p.m.3 views

CVE-2026-27834

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...

7.2CVSS6.1AI score0.00372EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/03 9:35 p.m.10 views

CVE-2026-27834

CVE-2026-27834 affects Piwigo prior to 16.3.0, where the pwg.users.getList Web Service API method is vulnerable to SQL Injection. The filter parameter is directly concatenated into a SQL query without proper sanitization, enabling authenticated administrators to execute arbitrary SQL commands. Th...

7.2CVSS6.1AI score0.00372EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 9:35 p.m.1 views

CVE-2026-27834 Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...

7.2CVSS6.1AI score0.00372EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/03 9:35 p.m.4 views

EUVD-2026-18872

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...

7.2CVSS6.1AI score0.00372EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:33 p.m.2 views

CVE-2026-27634

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters fmindateavailable, fmaxdateavailable, fmindatecreated, fmaxdatecreated in wsstdimagesqlfilter are concatenated directly into SQL without any escaping or type validation. This...

8.7CVSS5.8AI score0.00651EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/03 9:33 p.m.16 views

CVE-2026-27634

CVE-2026-27634 affects Piwigo prior to 16.3.0, where four date-filter parameters (f_min_date_available, f_max_date_available, f_min_date_created, f_max_date_created) in ws_std_image_sql_filter() are concatenated into SQL without escaping or type validation. This allows a pre-auth SQL injection th...

9.8CVSS5.8AI score0.00651EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 9:33 p.m.3 views

CVE-2026-27634 Piwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filter

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters fmindateavailable, fmaxdateavailable, fmindatecreated, fmaxdatecreated in wsstdimagesqlfilter are concatenated directly into SQL without any escaping or type validation. This...

8.7CVSS5.8AI score0.00651EPSS
Exploits1References3
Rows per page
Query Builder