Lucene search
K

216689 matches found

Vulnrichment
Vulnrichment
added 2026/03/18 5:21 p.m.2 views

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS5.8AI score0.00325EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 5:21 p.m.3 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS5.8AI score0.00325EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/18 4:34 p.m.1 views

SQL Injection

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

8.6CVSS6AI score0.00301EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 4:34 p.m.2 views

GHSA-GCG3-C5P2-CQGG OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

The fix for GHSA-p5g2-jm85-8g35 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and...

8.1CVSS5.9AI score0.00301EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/18 4:16 p.m.131 views

web-app-security-project

🛡️ Web Application Security Project 📌 Overview This projec...

5.9AI score
Exploits0
NVD
NVD
added 2026/03/18 4:16 p.m.5 views

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

9.8CVSS0.0026EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/18 1:2 p.m.120 views

SQLInject

Sqlinject 💉 Advanced SQL Injection Scanner with WAF Bypass...

6AI score
Exploits0
OSV
OSV
added 2026/03/18 12:59 p.m.2 views

GHSA-WMRF-HV6W-MR66 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...

8.2CVSS6.1AI score0.00419EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/18 12:59 p.m.7 views

SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...

8.2CVSS6AI score0.00419EPSS
Exploits1References5Affected Software1
GithubExploit
GithubExploit
added 2026/03/18 11:30 a.m.146 views

Exploit for CVE-2026-2413

CVE-2026-2413-POC The Ally – Web Accessibility & Usability pl...

7.5CVSS5.9AI score0.02289EPSS
Exploits1
Patchstack
Patchstack
added 2026/03/18 11:6 a.m.3 views

WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Que Thanh Tuan in WordPress Plugin Advanced WooCommerce Product Sales Reporting versions = 4.1.3...

9.3CVSS5.9AI score0.00283EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/18 9:30 a.m.6 views

EUVD-2026-12797

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/18 9:30 a.m.8 views

SQL Injection in Spring AI MariaDBFilterExpressionConverter

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/03/18 8:16 a.m.8 views

CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS0.00522EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/18 7:36 a.m.32 views

CVE-2026-22730 CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS0.00522EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/18 7:36 a.m.4 views

CVE-2026-22730 CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 7:36 a.m.53 views

CVE-2026-22730

CVE-2026-22730 describes a critical SQL injection vulnerability in Spring AI’s MariaDBFilterExpressionConverter, enabling bypass of metadata-based access controls and arbitrary SQL execution. Technical details across connected sources indicate the issue stems from missing input sanitization when ...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/18 4:17 a.m.6 views

CVE-2026-31891

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS0.00397EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 4:17 a.m.7 views

UBUNTU-CVE-2026-31891

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS5.9AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 2:58 a.m.26 views

CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS0.00397EPSS
Exploits0References2
Rows per page
Query Builder