Lucene search
K

8 matches found

Nextcloud
Nextcloud
added 2026/05/12 9:17 a.m.10 views

Calendar app leaked user identifiers via attendee suggestion endpoint

None...

4.3CVSS5.8AI score0.00281EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-31844

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS6.1AI score0.00442EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 6:34 a.m.1 views

CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS6AI score0.00442EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:34 a.m.2 views

CVE-2026-31844

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS6AI score0.00442EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/01/29 3:16 p.m.9 views

CVE-2020-37004

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

8.2CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.6 views

CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 2:28 p.m.15 views

CVE-2020-37004

Ultimate Project Manager CRM PRO 2.0.5 is affected by a blind SQL injection vulnerability in the /frontend/get_article_suggestion/ endpoint. An attacker can craft malicious search parameters to perform boolean-based inference and progressively extract usernames and password hashes from the tbl_us...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/05/03 9:30 p.m.33 views

Cross Site Scripting in OpenTSDB

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

8.2CVSS5.9AI score0.00904EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder