Lucene search
+L

9 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-57821

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS0.00791EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-58896

Name of the Vulnerable Software and Affected Versions Apache Fineract versions prior to 1.14.1 Description An authenticated user with permissions to view offices can perform a time-based blind SQL injection via the 'Office Search API' endpoint '/api/v1/offices'. The issue occurs because the order...

8.1CVSS6.2AI score0.00791EPSS
Exploits1References6
NVD
NVD
added 2026/07/10 9:16 p.m.8 views

CVE-2026-57230

OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an...

5.4CVSS0.00207EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 8:47 p.m.8 views

CVE-2026-57230

OpenReplay (self-hosted session replay) prior to 1.27.0 is affected by an authenticated SQL injection in the session search and analytics API for enterprise editions with multi-tenancy enabled. The vulnerability arises from building ClickHouse queries by inserting user input into the query string...

5.4CVSS6.1AI score0.00207EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.11 views

WordPress plugin Geo Mashup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/16 5:52 p.m.10 views

CVE-2026-33083 DataEase has SQL Injection in Order By Clause

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.4 views

Zabbix 7.0.x < 7.0.22 / 7.2.x < 7.2.15 / 7.4.x < 7.4.6 Multiple Vulnerabilities (ZBX-27639)

The version of Zabbix Server installed on the remote host is prior to 7.0.22, 7.2.15, 7.4.6. It is, therefore, affected by multiple vulnerabilities : - A blind SQL injection vulnerability exists in the Zabbix API via the sortfield parameter in include/classes/api/CApiService.php. A low privilege...

8.7CVSS6.1AI score0.00248EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/24 9:31 p.m.4 views

EUVD-2026-14955

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

8.7CVSS6.1AI score0.0024EPSS
Exploits0References2
Prion
Prion
added 2021/11/08 3:15 p.m.13 views

Sql injection

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

5CVSS7.7AI score0.01115EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder