CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

RedhatCVE•added 2026/04/01 10:58 a.m.•1 views

CVE-2026-4317

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

9.3CVSS6.2AI score0.0002EPSS

Exploits0References1

NVD•added 2026/03/31 10:16 a.m.•5 views

CVE-2026-4317

9.3CVSS0.0002EPSS

Exploits0References1

Vulnrichment•added 2026/03/31 9:53 a.m.•2 views

CVE-2026-4317 SQL inyection in Umami Software application

9.3CVSS6.2AI score0.0002EPSS

Exploits0References1

Cvelist•added 2026/03/31 9:53 a.m.•21 views

CVE-2026-4317 SQL inyection in Umami Software application

9.3CVSS0.0002EPSS

Exploits0References1

CVE•added 2026/03/31 9:53 a.m.•4 views

CVE-2026-4317

CVE-2026-4317 describes an SQL injection in the Umami Software web application where an improperly sanitized timezone parameter is interpolated directly into SQL queries (potentially via prisma.rawQuery/prisma.$queryRawUnsafe or raw queries with ClickHouse). This authenticated-access vulnerabilit...

9.3CVSS6.2AI score0.0002EPSS

Exploits0References1

ATTACKERKB•added 2026/03/31 9:53 a.m.•0 views

CVE-2026-4317

9.3CVSS6.2AI score0.0002EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/03/31 12:0 a.m.•2 views

Umami SQL注入漏洞

Umami is a lightweight analysis platform provided by Umami Inc., which offers features for website access statistics and user behavior analysis. Umami has a SQL injection vulnerability, which stems from improper cleaning of the timezone request parameters. This vulnerability may lead to SQL...

9.3CVSS5.8AI score0.0002EPSS

Exploits0References1

Positive Technologies•added 2026/03/31 12:0 a.m.•1 views

PT-2026-29215

9.3CVSS6.2AI score0.0002EPSS

Exploits0References2

EUVD•added 2025/10/30 12:31 a.m.•2 views

EUVD-2025-36877

Drupal Umami Analytics allows Cross-Site Scripting XSS...

3.8CVSS5.5AI score0.00031EPSS

Exploits0References2

OSV•added 2025/10/30 12:31 a.m.•3 views

GHSA-JXP8-4JW5-5XJC Drupal Umami Analytics allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS. This issue affects Umami Analytics: from 0.0.0 before 1.0.1...

3.8CVSS5.9AI score0.00031EPSS

Exploits0References2

Github Security Blog•added 2025/10/30 12:31 a.m.•6 views

Drupal Umami Analytics allows Cross-Site Scripting (XSS)

3.8CVSS5.9AI score0.00031EPSS

Exploits0References3Affected Software1

NVD•added 2025/10/30 12:15 a.m.•3 views

CVE-2025-10931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS.This issue affects Umami Analytics: from 0.0.0 before 1.0.1...

3.8CVSS0.00031EPSS

Exploits0References1

OSV•added 2025/10/30 12:15 a.m.•0 views

CVE-2025-10931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS.This issue affects Umami Analytics: from 0.0.0 before 1.0.1...

3.8CVSS5.8AI score

Exploits0References1

CNNVD•added 2025/10/30 12:0 a.m.•2 views

Drupal Umami Analytics 安全漏洞

Drupal Umami Analytics is a web statistics plugin for the Drupal community. A security vulnerability exists in Drupal Umami Analytics versions prior to 1.0.1, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...

3.8CVSS5.9AI score0.00031EPSS

Exploits0References2

Vulnrichment•added 2025/10/29 11:13 p.m.•2 views

CVE-2025-10931 Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS.This issue affects Umami Analytics: from 0.0.0 before 1.0.1...

5.5AI score0.00031EPSS

Exploits0References1

CVE•added 2025/10/29 11:13 p.m.•6 views

CVE-2025-10931

CVE-2025-10931 corresponds to a Cross-Site Scripting (XSS) vulnerability in Drupal Umami Analytics. The connected sources confirm the flaw arises from improper neutralization of input during web page generation and affects Umami Analytics versions prior to 1.0.1 (e.g., 0.0.0 up to before 1.0.1). ...

3.8CVSS5.5AI score0.00031EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/10/29 11:13 p.m.•6 views

CVE-2025-10931 Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS.This issue affects Umami Analytics: from 0.0.0 before 1.0.1...

0.00031EPSS

Exploits0References1

Positive Technologies•added 2025/10/29 12:0 a.m.•3 views

PT-2025-44359

Name of the Vulnerable Software and Affected Versions Drupal Umami Analytics versions prior to 1.0.1 Description A flaw exists in Drupal Umami Analytics that allows for Cross-Site Scripting XSS. This issue arises from improper neutralization of input during web page generation. The vulnerability...

3.8CVSS5.8AI score0.00031EPSS

Exploits0References5

OSV•added 2025/09/24 5:27 p.m.•2 views

DRUPAL-CONTRIB-2025-109

This module enables you to add Umami Analytics web statistics tracking system to your website. The "administer umami analytics" permission allows inserting an arbitrary JavaScript file on every page. While this is an expected feature, the permission lacks the "restrict access" flag, which should...

3.8CVSS5.8AI score0.00031EPSS

Exploits0References1

Drupal•added 2025/09/24 12:0 a.m.•5 views

Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109

3.8CVSS5.4AI score0.00031EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by