Lucene search
K

158 matches found

NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2026-48114

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

9.8CVSS0.0037EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 6:52 p.m.6 views

CVE-2026-48114 Metacat has an unauthenticated SQL injection vulnerability

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

9.8CVSS5.6AI score0.0037EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-50636

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:34 p.m.39 views

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS0.00358EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 5:34 p.m.10 views

EUVD-2026-35770

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 5:34 p.m.8 views

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 5:34 p.m.31 views

CVE-2026-50636

CVE-2026-50636 affects LimeSurvey’s RemoteControl API, specifically the invite_participants and remind_participants methods. The root cause is that caller-supplied token-ID arrays are concatenated directly into a tid IN ('...') clause in TokenDynamic::findUninvited() without parameterization or i...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48153

The RemoteControl API methods invite participants and remind participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperm...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 12:30 p.m.11 views

EUVD-2026-32863

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

5.8AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 10:16 a.m.8 views

CVE-2026-46104

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

5.5CVSS0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46104 selinux: use sk blob accessor in socket permission helpers

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 9:35 a.m.20 views

CVE-2026-46104

Linux kernel CVE-2026-46104 affects SELinux socket permission helpers. The vulnerability arises because sock_has_perm() and nlmsg_sock_has_extended_perms() dereference sk->sk_security directly, assuming the SELinux socket blob is at offset zero. In stacked LSM configurations this assumption fa...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the SELinux socket permission helper function directly dereferencing sk-sksecurity. Assuming that the...

5.8AI score0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.22 views

CVE-2018-25371

The CVE-2018-25371 entry concerns mooSocial Store Plugin 2.6 with a blind SQL injection in the product parameter of the URL rewrite functionality. The vulnerability allows unauthenticated attackers to manipulate queries, enabling boolean-based blind, time-based blind, or stacked query techniques ...

8.8CVSS5.9AI score0.00348EPSS
Exploits0References4
Redos
Redos
added 2026/05/20 12:0 a.m.10 views

ROS-20260520-73-0010

A vulnerability in the WebRTC technology implementation of Google Chrome and Microsoft Edge browsers is related to a stacked buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS6.1AI score0.00301EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/04/28 2:35 p.m.367 views

Exploit for CVE-2026-42167

ProFTPD Vulnerability POCs Proof-of-concept demonstrations fo...

7.5AI score0.05004EPSS
Exploits6
Cvelist
Cvelist
added 2026/04/16 8:53 p.m.15 views

CVE-2026-40900 DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS0.00342EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 8:53 p.m.5 views

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS6.1AI score0.00342EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 8:53 p.m.3 views

CVE-2026-40900 DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS6AI score0.00342EPSS
Exploits1References2
Rows per page
Query Builder