Lucene search
K

216691 matches found

OSV
OSV
added 2026/03/17 8:16 p.m.3 views

UBUNTU-CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References2
CVE
CVE
added 2026/03/17 7:41 p.m.14 views

CVE-2026-25936

CVE-2026-25936 affects GLPI: versions 11.0.0–11.0.5 are vulnerable to an authenticated SQL injection, with the issue fixed in 11.0.6. The vulnerability is linked to authenticated user input that leads to SQL injection; exact vectors are not detailed in the provided documents. Impact indicators de...

8.8CVSS5.8AI score0.00339EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/17 7:41 p.m.27 views

CVE-2026-25936 GLPI Vulnerable to Authenticated SQL Injection

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

6.5CVSS0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 7:41 p.m.3 views

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/17 6:16 p.m.3 views

CVE-2026-4319

A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly...

9.8CVSS0.00326EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/17 5:7 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the toJsonExtractRaw function in the MongoLite Aggregation Optimizer. An attacker can extract unauthorized data from the underlying database by injecting arbitrary SQL through unsanitized field names in aggregation...

7.7CVSS6AI score0.00397EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/17 5:7 p.m.6 views

Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Impact This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: - Any deployment where the /api/content/aggregate/model endpoint is publicly accessible...

7.7CVSS6AI score0.00397EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/17 5:2 p.m.23 views

CVE-2026-4319 code-projects Simple Food Order System add-item.php sql injection

A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly...

7.5CVSS0.00326EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/17 5:2 p.m.3 views

CVE-2026-4319

A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly...

7.5CVSS5.8AI score0.00326EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/17 3:36 p.m.11 views

Katello: Denial of Service and potential information disclosure via SQL injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS6AI score0.00262EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/03/17 3:36 p.m.4 views

EUVD-2026-12572

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS6AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/17 3:36 p.m.7 views

SQL Injection

Overview katello is a package that adds Content and Subscription Management to Foreman Affected versions of this package are vulnerable to SQL Injection via improper sanitization of user input in the sortby parameter of the /api/hosts/bootcimages endpoint. An attacker can cause database errors or...

5.4CVSS7.2AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/03/17 2:16 p.m.5 views

CVE-2026-4324

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS0.00262EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/17 1:52 p.m.3 views

CVE-2026-4324

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS6AI score0.00262EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/17 1:52 p.m.24 views

CVE-2026-4324 Rubygem-katello: katello: denial of service and potential information disclosure via sql injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS0.00262EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/17 1:52 p.m.4 views

CVE-2026-4324 Rubygem-katello: katello: denial of service and potential information disclosure via sql injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS6AI score0.00262EPSS
Exploits0References5
CVE
CVE
added 2026/03/17 1:52 p.m.22 views

CVE-2026-4324

The vulnerability CVE-2026-4324 affects the Katello plugin for Red Hat Satellite. It arises from improper sanitization in the sort_by parameter of the /api/hosts/bootc_images endpoint, enabling remote SQL injection that can cause Denial of Service via database errors and potentially extract data ...

5.4CVSS6AI score0.00262EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/17 1:52 p.m.5 views

CVE-2026-4324

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS5.9AI score0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 11:29 a.m.31 views

CVE-2025-31966 Boolean-Based SQL Injection in Multiple Unica Components

HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server...

2.7CVSS0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 11:29 a.m.1 views

CVE-2025-31966 Boolean-Based SQL Injection in Multiple Unica Components

HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server...

2.7CVSS5.9AI score0.00194EPSS
Exploits0References1
Rows per page
Query Builder