4 matches found
GHSA-8PRR-286P-4W7J alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Impact: The query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. Patches: Fixed in v9.1.0. The Postgres query parser now uses parameterized queries wit...
CVE-2022-41526
CVE-2022-41526 affects TOTOLINK NR1800X, version 9.1.0u.6279_B20210910, where an authenticated stack overflow occurs via the ip parameter in the setDiagnosisCfg function. The affected product is a 5G NR indoor Wi‑Fi/SIP CPE. Documents describe that exploitation could crash the application or allo...
PHPwind v9.1.0 - Multiple Cross Site Scripting Vulnerabilities
Document Title: PHPwind v9.1.0 - Multiple Cross Site Scripting Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2184 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13472; CVE-ID: CVE-2019-13472; Release Dat...
PHPwind v9.1.0 - Multiple Cross Site Scripting Vulnerabilities
Document Title: PHPwind v9.1.0 - Multiple Cross Site Scripting Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2184 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13472; CVE-ID: CVE-2019-13472; Release Dat...