Lucene search
K

2118 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.12 views

CVE-2026-47346

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS6AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 6:17 p.m.12 views

CVE-2026-50636

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS0.00358EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 5:34 p.m.8 views

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 10:48 a.m.33 views

CVE-2026-11607

TYPO3 CMS vulnerability CVE-2026-11607 affects the Form Framework in multiple TYPO3 releases (before 10.4.57, 11.x before 11.5.51, 12.x before 12.4.46, 13.x before 13.4.31, and 14.x before 14.3.3). A back-end user with access to the Form Framework can upload or reference form definitions from fil...

7.6CVSS6AI score0.00238EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/09 8:1 a.m.8 views

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders

...

9.8CVSS5.4AI score0.00413EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/09 2:27 a.m.12 views

SUSE CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

5.5CVSS5.7AI score0.00413EPSS
Exploits0References3
NVD
NVD
added 2026/06/05 3:16 p.m.15 views

CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

9.8CVSS0.00413EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 3:16 p.m.7 views

UBUNTU-CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

9.8CVSS5.7AI score0.00413EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:48 p.m.9 views

CVE-2025-58897

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...

8.1CVSS5.8AI score0.00337EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/06/02 9:53 a.m.14 views

23andMe exposed genetic information of millions, lawsuit says

California has sued the former shell of DNA testing company 23andMe over alleged security failures and misleading statements surrounding its 2023 data breach. On May 27, 2026, Attorney General Rob Bonta filed suit in San Francisco Superior Court against Chrome Holding Co., the company now handlin...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/14 6:35 p.m.10 views

EUVD-2026-30352

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS6.5AI score0.01178EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

mem0 安全漏洞

mem0 is an open-source benchmark testing tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in memory reset and table reconstruction functions...

6.5CVSS5.8AI score0.00374EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/10 5:16 a.m.12 views

CVE-2025-14179

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

9.8CVSS5.8AI score0.00298EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.27 views

CVE-2026-43162 media: tegra-video: Fix memory leak in __tegra_channel_try_format()

In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in tegrachanneltryformat The state object allocated by v4l2subdevstatealloc must be freed with v4l2subdevstatefree when it is no longer needed. In tegrachanneltryformat, two error paths return...

0.00128EPSS
Exploits0References6
NVD
NVD
added 2026/05/05 8:16 p.m.8 views

CVE-2026-33324

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...

9.4CVSS0.00603EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/04/27 11:34 p.m.103 views

SQLi-Scanner-Lab

🕸️ Automated SQLi Vulnerability Scanner & Lab 📌 Project Ov...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.6 views

MAS-SZZ: Multi-Agentic SZZ Algorithm for Vulnerability-Inducing Commit Identification

Accurate vulnerability-inducing commit identification serves as a foundation for a series of software security tasks, such as vulnerability detection and affected version analysis. A straightforward solution is the SZZ algorithm, which traces back through the code history to identify the earliest...

5.5AI score
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/20 11:20 p.m.6 views

CVE-2026-35588

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...

6.3CVSS5.8AI score0.00212EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/20 3:31 p.m.4 views

EUVD-2025-209532

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS6AI score0.00655EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/17 4:33 a.m.29 views

CVE-2026-34018

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product...

6.3CVSS0.00179EPSS
Exploits0References2
Rows per page
Query Builder