RLSA-2024:0974 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

eKuiper API endpoints handling SQL queries with user-controlled table names.

Summary A critical SQL Injection vulnerability exists in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitati...

LF Edge eKuiper SQL注入漏洞

LF Edge eKuiper is an edge lightweight IoT data analytics software from LF Edge open source. A SQL injection vulnerability exists in LF Edge eKuiper versions prior to 2.2.1, which stems from a SQL injection vulnerability in the getLast API function that could lead to the execution of arbitrary SQ...

CVE-2025-54294

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...

CVE-2025-54294 Extension - stackideas.com - SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...

CVE-2025-50127

CVE-2025-50127 concerns the DJ-Flyer Joomla extension (component DJ-Flyer 1.0–3.2). The issue is a SQL injection vulnerability that allows privileged users to execute arbitrary SQL commands. Root cause is improper input handling in the vulnerable component, enabling crafted queries to reach the d...

SQL Injection

github.com/go-pg/pg is vulnerable to SQL injection. The vulnerability is due to improper handling of input in the /types/appendvalue.go component, which allows an attacker to inject and execute arbitrary SQL commands...

StackIdeas Komento component SQL注入漏洞

StackIdeas Komento component is a commenting plugin from StackIdeas Malaysia. A SQL injection vulnerability exists in StackIdeas Komento component versions 4.0.0-4.0.7, which stems from a SQL injection vulnerability that could lead to the execution of arbitrary SQL commands...

Security Bulletin: Multiple Vulnerabilities Affected for EDB

Summary Multiple Vulnerabilities Affected for EDB has been addressed for EDB PostgreSQL with IBM and EDB Postgres Advanced Server with IBM Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

Zoo Management System /admin/index.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /admin/index.php. An attacker can exploit this vulnerability to...

CVE-2025-49484

A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...

CVE-2025-6718

The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1runquery AJAX action in all versions up to, and including, 2.2.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL...

CVE-2025-49484

A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...

CVE-2025-49485

A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...

CVE-2025-49485 Extension - balbooa.com - SQL injection in Balbooa Forms component version 1.0.0 - 2.3.1.1 for Joomla

A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...

CVE-2025-49485

CVE-2025-49485: A SQL injection in Balbooa Forms for Joomla affects versions 1.0.0 through 2.3.1.1. The vulnerability is triggered via the id parameter, enabling privileged users to execute arbitrary SQL commands (per CVSS 4.0 metrics: NETWORK, HIGH impact on confidentiality/integrity/availabilit...

WordPress plugin B1.lt 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...

RUSTSEC-2025-0043 matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations`

The SqliteEventCacheStore::findeventwithrelations function constructs SQL queries using format! with unescaped input, allowing an attacker to inject arbitrary SQL. This results in a SQL injection vulnerability...

CVE-2025-53549

The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::findeventwithrelations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that...

CVE-2025-40735

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...