1371 matches found
GHSA-JFGF-83C5-2C4M i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters
Summary Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.loadlanguages, namespaces, … without any sanitisation. Depending on which backend is configured, the unvalidated path...
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the row:search and row:get operations in the SeaTable node when user-controlled input is passed through expressions into the searchTerm or rowId parameters. An attacker can access...
CVE-2025-10503
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...
mcp-stdio-exploit
MCP STDIO Exploit: A Local Reimplementation Vulnerability...
GHSA-98F2-W9H9-7FP9 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses
Impact An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed us...
CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()
Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...
EUVD-2026-25188
Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...
GHSA-5FGG-JCPF-8JJW i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters
Summary Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF. The vulnerable entry points are unauthenticated HTTP...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the aggregate API endpoint when unvalidated user input is passed to the goqu.L function. An attacker can execute arbitrary SQL commands and access sensitive database information by supplying crafted values to the colum...
GHSA-RW2C-8RFQ-GWFV Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API
Summary The /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed authenticated users with any valid session to inject arbitrary S...
Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API
Summary The /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed authenticated users with any valid session to inject arbitrary S...
PT-2026-34606
Name of the Vulnerable Software and Affected Versions Daptin versions prior to 0.11.4 Description The '/aggregate/:typename' endpoint accepts column and group query parameters that are passed without validation to goqu.L, a raw SQL literal expression builder. This bypasses parameterization,...
EUVD-2026-24253
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...
CVE-2026-40478
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...
CVE-2026-40478
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...
CVE-2026-40478 Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...
CVE-2026-40478 Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...
CVE-2026-40477 Improper restriction of the scope of accessible objects in Thymeleaf expressions
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...
CVE-2026-40477 Improper restriction of the scope of accessible objects in Thymeleaf expressions
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...