3 matches found
CVE-2026-26275
The CVE affects httpsig-hyper up to version 0.0.22, where Digest header verification could incorrectly succeed due to a misuse of Rust’s matches! macro, causing digest checks to pass even when the computed digest did not match the expected value. This could allow message body modifications to go ...
GHSA-4465-R2HG-V4RJ CiviCRM SQL injection vulnerability via Quick Search API
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick...
CiviCRM SQL injection vulnerability via Quick Search API
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick...