Lucene search
+L

134 matches found

Cvelist
Cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39752

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:31 p.m.6 views

WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/19 8:16 p.m.27 views

CVE-2026-48772

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:34 p.m.25 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:27 p.m.31 views

CVE-2026-48773

Summary of CVE-2026-48773 : ProxySQL (versions 2.0.18–3.0.8) contains a pre-authentication heap memory corruption in the MySQL/PostgreSQL protocol first-read paths. A remote, unauthenticated client can declare an oversized first packet length, and ProxySQL passes that attacker-controlled length t...

9.8CVSS6AI score0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51016

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.18 through 3.0.8 Description ProxySQL contains a pre-authentication heap memory corruption issue within the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can trigger this by declaring an...

9.8CVSS5.9AI score0.00358EPSS
Exploits0References12
NVD
NVD
added 2026/06/15 9:17 p.m.14 views

CVE-2026-48886

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

9.3CVSS0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.9 views

EUVD-2026-36860

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49491

Name of the Vulnerable Software and Affected Versions JS Help Desk versions prior to 3.0.10 Description Broken Access Control allows unauthenticated users to bypass security restrictions. Recommendations Update to version 3.0.10 or later...

6.5CVSS5.9AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49490

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42276

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...

4.3CVSS5.4AI score0.00279EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/02 2:25 p.m.9 views

WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by sequenceX0 in WordPress Plugin JS Help Desk versions = 3.0.9...

9.3CVSS5.9AI score0.00283EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.21 views

PT-2026-51015

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.0 through 3.0.8 Description The MySQL frontend incorrectly processes the PROXY UNKNOWN r PP1 frame of the PROXY protocol v1. According to the specification, when the protocol token is UNKNOWN, the receiver must ignore...

10CVSS5.9AI score0.00185EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/05/08 3:49 a.m.8 views

CVE-2026-42276 Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users chat sessions

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...

4.3CVSS5.8AI score0.00279EPSS
Exploits1References1
NVD
NVD
added 2026/04/18 2:16 a.m.4 views

CVE-2026-40490

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

6.8CVSS0.00326EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.14 views

Async Http Client 安全漏洞

Async Http Client is an open-source Java-based asynchronous HTTP and WebSocket client library developed by AsyncHttpClient. Versions prior to 3.0.9 and 2.14.5 of Async Http Client had security vulnerabilities. These vulnerabilities stemmed from the redirection process, where authorization headers...

6.8CVSS5.8AI score0.00326EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/14 1:7 a.m.7 views

AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects

Impact When redirect following is enabled followRedirecttrue, AsyncHttpClient forwards Authorization and Proxy-Authorization headers along with Realm credentials to arbitrary redirect targets regardless of domain, scheme, or port changes. This leaks credentials on cross-domain redirects and...

6.8CVSS5.5AI score0.00326EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/03/13 9:31 p.m.9 views

EUVD-2026-11860

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through = 3.0.9...

8.5CVSS5.8AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.9 views

CVE-2026-32366

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through = 3.0.9...

8.5CVSS0.00228EPSS
Exploits0References1
Rows per page
Query Builder