2 matches found
CVE-2020-26214
Summary (CVE-2020-26214) : Alerta prior to version 8.1.0 is vulnerable to an LDAP authentication bypass when LDAP is used as the authorization provider and the LDAP server allows unauthenticated binds. An attacker can bypass authentication by providing an empty password. The issue affects deploym...
CVE-2026-34400
Alerta (monitoring tool) prior to 9.1.0 is affected by a SQL injection in the Query string search API (q=) due to interpolating user input into SQL via f-strings. The issue can impact query construction in PostgreSQL, and has been patched in version 9.1.0. Public references across multiple feeds ...