Lucene search
K

1453 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS6AI score0.0038EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59834 SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
Wired Threat Level
Wired Threat Level
added 5 days ago7 views

A Majority of European Lawmakers Voted Against Letting Big Tech Read Our Messages. They’re Going to Anyway

Companies will once again be allowed to scan citizens’ personal texts, emails, and social media messages via the “Chat Control” bill to find child abuse material online...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/07/04 12:47 p.m.16 views

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos ,...

5.7AI score
Exploits0
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:29 p.m.7 views

EUVD-2026-40081

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53270

Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.4.20 Description An issue exists in the Audit Trail report handler that allows authenticated attackers with SA GLANALYTIC permission to execute arbitrary SQL queries. This is achieved by injecting malicious...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 9:22 p.m.9 views

EUVD-2026-38383

MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:22 p.m.7 views

GHSA-WFR3-XJ75-PFWH MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement

Summary Runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means union deserialization does not consistently participate in the maximum...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.15 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:12 p.m.27 views

CVE-2026-48513 MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

6.3CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:12 p.m.6 views

CVE-2026-48513 MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:12 p.m.27 views

CVE-2026-48513

CVE-2026-48513 (MessagePack-CSharp) affects the MessagePack serializer for C#. The vulnerability arises in runtime-generated union deserializers created by DynamicUnionResolver, which did not call DepthStep(ref reader) or decrement reader.Depth during recursive deserialization and skip paths. As ...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:12 p.m.5 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51397

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Runtime-generated union deserializers emitted by DynamicUnionResolver fail to call MessagePackSecurity.DepthStepref reader and do not decrement...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References6
NVD
NVD
added 2026/06/19 6:16 p.m.12 views

CVE-2019-25755

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...

8.8CVSS0.00366EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 6:16 p.m.9 views

CVE-2019-25752

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:25 p.m.17 views

CVE-2019-25755

CVE-2019-25755 details: Joomla Component vReview 1.9.11 has an SQL injection in the editReview task via the cmId parameter. Unauthenticated attackers can send POST requests with URL-encoded SQL UNION payloads to extract database data (usernames, passwords, versions). Impact per sources is high (C...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
Rows per page
Query Builder