Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

234328 matches found

NVD
NVDadded 2026/05/06 6:16 p.m.2 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS0.00301EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/06 5:21 p.m.43 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/06 5:21 p.m.5 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS6.4AI score0.00301EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/06 5:21 p.m.5 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS6.4AI score0.00301EPSS
Exploits0References1
CVE
CVEadded 2026/05/06 5:21 p.m.12 views

CVE-2026-29090

Rucio contains a SQL injection in FilterEngine.create_postgres_query() when the postgres_meta metadata plugin is configured. Attacker-controlled filter keys/values are interpolated into raw SQL via Python .format() and passed to psycopg3.sql.SQL(), enabling arbitrary SQL against the PostgreSQL me...

9CVSS6.4AI score0.00301EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/05/06 5:16 p.m.6 views

CVE-2026-29080

A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...

9.4CVSS0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/06 4:44 p.m.3 views

CVE-2026-29080

A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...

9.4CVSS6AI score0.00281EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/06 4:44 p.m.35 views

CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API

A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...

9.4CVSS0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/06 4:44 p.m.7 views

CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API

A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...

9.4CVSS6AI score0.00281EPSS
Exploits0References1
CVE
CVEadded 2026/05/06 4:44 p.m.9 views

CVE-2026-29080

CVE-2026-29080 describes an SQL injection in Rucio’s FilterEngine for Oracle JSON Path via the DID search API. In Oracle deployments using the default json_meta plugin, create_sqla_query() interpolates attacker-controlled key and value directly into sqlalchemy.text() via Python .format(), bypassi...

9.4CVSS6AI score0.00281EPSS
Exploits0References1Affected Software1
Snyk
Snykadded 2026/05/06 4:44 p.m.11 views

SQL Injection

Overview rucio is a Rucio Package Affected versions of this package are vulnerable to SQL Injection via the createpostgresquery function when attacker-controlled filter keys and values are interpolated directly into raw SQL statements through the DID search endpoint. An attacker can execute...

9.9CVSS6.7AI score0.00301EPSS
Exploits0References2
OSV
OSVadded 2026/05/06 4:44 p.m.3 views

GHSA-6J7P-QJHG-9947 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS6.8AI score0.00301EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/05/06 4:44 p.m.7 views

Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9CVSS6.8AI score0.00301EPSS
Exploits0References3Affected Software1
Snyk
Snykadded 2026/05/06 4:42 p.m.10 views

SQL Injection

Overview rucio is a Rucio Package Affected versions of this package are vulnerable to SQL Injection in the createsqlaquery function when processing filter keys and values in Oracle database backends using the default jsonmeta metadata plugin configuration. An attacker can execute arbitrary SQL...

9.9CVSS6.7AI score0.00281EPSS
Exploits0References2
OSV
OSVadded 2026/05/06 4:42 p.m.5 views

GHSA-VJR5-C9QV-HGM3 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.5AI score0.00281EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/05/06 2:21 p.m.6 views

CVE-2026-3359

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References1
Wolfi
Wolfiadded 2026/05/06 1:48 p.m.24 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: gitaly, gitlab-kas, temporal-server, keda, cloudnative-pg, spqr, envoy-gateway, kube-bench, telegraf, opentelemetry-collector-contrib, hydra, teleport, timescaledb-parallel-copy, k3s, rke2-cloud-provider, grafana, flyte, azure-service-operator, falcosidekick, ferretd...

9.8CVSS5.8AI score0.00356EPSS
Exploits0
EUVD
EUVDadded 2026/05/06 12:30 p.m.4 views

EUVD-2026-27548

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

7.5CVSS5.9AI score0.00336EPSS
Exploits0References3
GithubExploit
GithubExploitadded 2026/05/06 11:59 a.m.67 views

mssql_timebased_SQLI

No d...

5.8AI score
Exploits0
NVD
NVDadded 2026/05/06 10:16 a.m.5 views

CVE-2026-1719

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

7.5CVSS0.00336EPSS
Exploits0References2
Rows per page
Query Builder