216689 matches found

ATTACKERKB
added 2026/03/18 2:58 a.m. | 6 views

CVE-2026-31891

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7 CVSS | 5.9 AI score | 0.00397 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/18 2:58 a.m. | 4 views

CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7 CVSS | 5.9 AI score | 0.00397 EPSS
Exploits: 0 | References: 2

CVE
added 2026/03/18 2:58 a.m. | 34 views

CVE-2026-31891

CVE-2026-31891 affects Cockpit CMS 2.13.4 and earlier with API access enabled. A SQL injection in the MongoLite Aggregation Optimizer allows an attacker with a valid read-only API key to inject arbitrary SQL via unsanitized field names in aggregation queries (toJsonExtractRaw()), bypassing the pu...

7.7 CVSS | 5.9 AI score | 0.00397 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/03/18 2:58 a.m. | 4 views

CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7 CVSS | 6 AI score | 0.00397 EPSS
Exploits: 0 | References: 4

NVD
added 2026/03/18 12:16 a.m. | 4 views

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non-sanitized user input can lead to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

8.8 CVSS | 0.00212 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/18 12:00 a.m. | 4 views

PT-2026-26156

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

9.1 CVSS | 6.2 AI score | 0.00269 EPSS
Exploits: 0 | References: 6

CNNVD
added 2026/03/18 12:00 a.m. | 5 views

GLPI Inventory Plugin SQL injection vulnerability

GLPI Inventory Plugin is an open-source plugin developed by French company GLPI. It is used to process various types of tasks for the GLPI agent. Versions of the GLPI Inventory Plugin prior to 1.6.6 contained a SQL injection vulnerability, which stems from improper handling of user input,...

8.8 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/03/18 12:00 a.m. | 7 views

Mura security vulnerability

Mura is a content management system developed by Mura Corporation. Versions of Mura prior to 10.1.14 contained security vulnerabilities, which were caused by SQL injection attacks in the getQuery and sortby parameters of the beanFeed.cfc file...

9.8 CVSS | 5.9 AI score | 0.00321 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/18 12:00 a.m. | 3 views

PT-2026-26155

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8 CVSS | 6.1 AI score | 0.00432 EPSS
Exploits: 1 | References: 7

CNNVD
added 2026/03/18 12:00 a.m. | 4 views

ClipBucket SQL injection vulnerability

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to host video websites. Versions of ClipBucket prior to 5.5.3 80 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning of the userid parameter input...

8.8 CVSS | 5.9 AI score | 0.00432 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/18 12:00 a.m. | 1 view

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

5.8 AI score | 0.0026 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/03/18 12:00 a.m. | 5 views

OpenProject SQL injection vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 have a SQL injection vulnerability. This vulnerability arises from custom field names not being properly cleaned in SQL queries, which can allow SQL injection...

9.1 CVSS | 6 AI score | 0.00269 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/18 12:00 a.m. | 7 views

CVE-2025-67830

Mura CMS vulnerable before 10.1.14 due to beanFeed.cfc getQuery sortby SQL injection. Root cause is improper handling of sortby in the getQuery path, enabling SQL injection with high impact to confidentiality, integrity, and availability (CVSS 9.8). Mitigation: upgrade to version 10.1.14 or apply...

9.8 CVSS | 5.8 AI score | 0.00321 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/03/18 12:00 a.m. | 9 views

CVE-2025-67829

CVE-2025-67829 affects Mura prior to 10.1.14. The issue is a SQL injection in beanFeed.cfc getQuery sortDirection, enabling high-severity (CVSS 9.8) impact with network attack vector and no user interaction. Affected component: Mura CMS (beanFeed.cfc). Root cause: improper handling of sortDirecti...

9.8 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/03/18 12:00 a.m. | 5 views

glances security vulnerability

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.3 contained security vulnerabilities. These vulnerabilities stemmed from the DuckDB export module, where table names and column names were directly inserted into SQL statements, potentially leading ...

9.1 CVSS | 5.9 AI score | 0.00325 EPSS
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/17 11:18 p.m. | 3 views

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non-sanitized user input can lead to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

7.1 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/03/17 11:18 p.m. | 10 views

CVE-2026-26001

CVE-2026-26001 affects the GLPI Inventory Plugin. The vulnerability is an SQL injection in the dropdown_calendar report, caused by non-sanitized user input prior to version 1.6.6. The issue allows an attacker with adequate rights to influence the database query (impacting confidentiality; integri...

8.8 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/03/17 11:18 p.m. | 6 views

CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non-sanitized user input can lead to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

7.1 CVSS | 5.9 AI score | 0.00212 EPSS
Exploits: 0 | References: 3

OSV
added 2026/03/17 8:16 p.m. | 3 views

UBUNTU-CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue...

8.8 CVSS | 5.9 AI score | 0.00339 EPSS
Exploits: 0 | References: 2

CVE
added 2026/03/17 7:41 p.m. | 14 views

CVE-2026-25936

CVE-2026-25936 affects GLPI: versions 11.0.0–11.0.5 are vulnerable to an authenticated SQL injection, with the issue fixed in 11.0.6. The vulnerability is linked to authenticated user input that leads to SQL injection; exact vectors are not detailed in the provided documents. Impact indicators de...

8.8 CVSS | 5.8 AI score | 0.00339 EPSS
Exploits: 0 | References: 1 | Affected Software: 1