Lucene search
+L

5 matches found

OSV
OSV
added 2026/05/27 12:35 a.m.5 views

GHSA-H4PH-CRVJ-9H92 Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter

GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIXTIMESTAMPDATEFROMUNIXTIME... SQL expression without parameterization or allowlist validation. Severit...

8.8CVSS6.3AI score0.00035EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/27 12:35 a.m.17 views

Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter

GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIXTIMESTAMPDATEFROMUNIXTIME... SQL expression without parameterization or allowlist validation. Severit...

6.9CVSS6.3AI score0.00457EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2025/04/16 2:10 p.m.8 views

Prototype Pollution

js-object-utilities is vulnerable to Prototype Pollution. The vulnerability is due to unsanitized property assignment due to the lib.set function allowing attackers to modify the global prototype chain using crafted payloads...

6.8AI score0.01315EPSS
Exploits0
NVD
NVD
added 2022/06/30 1:15 p.m.14 views

CVE-2013-4170

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...

6.1CVSS0.00874EPSS
Exploits0References3
OSV
OSV
added 2021/03/29 2:15 p.m.4 views

UBUNTU-CVE-2021-23358

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...

7.2CVSS6.9AI score0.04087EPSS
Exploits2References5
Rows per page
Query Builder