Lucene search
K

234716 matches found

RedHat Linux
RedHat Linux
added 2026/03/26 8:30 p.m.8 views

Django: Django: SQL Injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

8.3CVSS7.6AI score0.00754EPSS
Exploits0References7
CVE
CVE
added 2026/03/26 8:5 p.m.38 views

CVE-2026-33375

CVE-2026-33375 concerns the Grafana MSSQL Data Source Plugin, where a logic flaw lets a low-privileged user (Viewer) bypass API restrictions and cause an Out-Of-Memory (OOM) DoS, crashing the host container. The connected records confirm the affected component (Grafana MSSQL data source plugin) a...

6.5CVSS5.8AI score0.00434EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/26 8:5 p.m.2 views

CVE-2026-33375

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

6.5CVSS5.9AI score0.00434EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:5 p.m.7 views

CVE-2026-33375

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

6.5CVSS5.8AI score0.00434EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/26 7:47 p.m.7 views

rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS5.9AI score0.00262EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/26 7:47 p.m.11 views

Important: Red Hat Security Advisory: Satellite 6.18.4 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

10CVSS6.7AI score0.01945EPSS
Exploits3References16
NVD
NVD
added 2026/03/26 7:17 p.m.4 views

CVE-2026-33505

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 7:17 p.m.2 views

CVE-2026-33153

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

8.7CVSS0.00446EPSS
Exploits1References2
NVD
NVD
added 2026/03/26 7:17 p.m.3 views

CVE-2026-30463

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...

7.7CVSS0.00373EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/26 7:6 p.m.21 views

CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

8.7CVSS0.00446EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/26 7:6 p.m.3 views

CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

8.7CVSS5.8AI score0.00446EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:6 p.m.1 views

CVE-2026-33153

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

8.7CVSS5.8AI score0.00446EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/26 7:6 p.m.12 views

CVE-2026-33153

Tandoor Recipes prior to version 2.6.0 exposes a hidden query parameter ?debug=true in the Recipe API endpoint that returns the full raw SQL being executed, including table/column names, JOINs, WHERE conditions (reveling access control logic) and multi-tenant space IDs. This parameter remains ava...

8.7CVSS5.8AI score0.00446EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/26 7:6 p.m.6 views

EUVD-2026-16317

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

8.7CVSS5.8AI score0.00446EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/26 6:37 p.m.21 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 6:37 p.m.25 views

CVE-2026-33505

Ory Keto (GetRelationships API) is vulnerable to SQL injection before version 26.2.0 due to flaws in pagination. Pagination tokens are encrypted with secrets.pagination; if an attacker knows this secret, they can forge tokens that inject SQL. If secrets.pagination is not set, a public default sec...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/26 6:37 p.m.9 views

EUVD-2026-13916

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

9.3CVSS6.2AI score0.00442EPSS
Exploits3References13
ATTACKERKB
ATTACKERKB
added 2026/03/26 6:37 p.m.4 views

CVE-2026-33505

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 6:37 p.m.5 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 6:37 p.m.6 views

CVE-2026-33505 Ory Keto has a SQL injection via forged pagination tokens

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References3
Rows per page
Query Builder