Browse and filter security vulnerabilities across ecosystems
Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO
Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack
Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode
Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores
ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite
PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover
Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern
Spring Data MongoDB Bind Parameter Literal Quoting Breakout
BuddyPress 14.4.0 REGEXP Injection via @Mention Username Resolution
Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
ShellHub: Crash-DoS via field injection in filter and sort-by parameters
Flowsint: Cypher query injection in node type on node creation
KQL injection via kusto.tables.topics.mapping in kafka-sink-azure-kusto
There is a cypher injection issue in LogonTracer prior to v2
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
Flowise: Cypher Injection in GraphCypherQAChain
Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection
FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover