1285 matches found
CVE-2026-33643
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...
CVE-2026-29953
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...
CVE-2026-33643
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...
CVE-2026-29953
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...
PT-2026-29052
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...
CVE-2026-33643
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...
SchemaHero 安全漏洞
SchemaHero is an open-source database schema management tool developed by SchemaHero. Version 0.23.0 of SchemaHero contains a security vulnerability. This vulnerability stems from improper handling of the column parameter in the mysqlColumnAsInsert function located in the...
CVE-2026-33643
CVE-2026-33643 affects SchemaHero 0.23.0 with a SQL Injection flaw in the MySQL plugin path: the column.go processing in plugins/mysql/lib/column.go improperly handles the column parameter, allowing malicious input to alter table schema. Connected sources also describe similar risks in the Postgr...
CVE-2026-29953
CVE-2026-29953 corresponds to a SQL Injection vulnerability in SchemaHero 0.23.0. The issue is triggered via the column parameter to the columnAsInsert function in plugins/postgres/lib/column.go. The vulnerability is evidenced across multiple feeds (Red Hat, CIRCL, NVD, CVE records) with consiste...
CVE-2026-33643
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...
SchemaHero 安全漏洞
SchemaHero is an open-source database schema management tool developed by SchemaHero. Version 0.23.0 of SchemaHero contains a security vulnerability. This vulnerability stems from the improper handling of the column parameter in the columnAsInsert function within the column.go file, which may lea...
Django: Django: SQL Injection via crafted column aliases
A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...
Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()
A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the .QuerySet.orderby method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...
Django: Django: SQL Injection via crafted column aliases
A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...
Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()
A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the .QuerySet.orderby method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection in the orderByColumn expression of the Data Table Get node. An attacker with permissions to create or modify workflows can execute arbitrary SQL commands by supplying crafted input,...
GHSA-98C2-4CR3-4JC3 n8n has SQL Injection in Data Table Node via orderByColumn Expression
Impact An authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement...
SQL Injection
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to SQL Injection in the orderByColumn expression of the Data Table Get node. An attacker with permissions to create or modify workflows can execute arbitrary SQL commands by supplying crafted input,...
CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...
CVE-2026-33713
The CVE-2026-33713 issue affects n8n before versions 1.123.26, 2.13.3, and 2.14.1, where an authenticated user with workflow permissions could exploit a SQL injection in the Data Table Get node. On SQLite, single statements can be manipulated, while PostgreSQL deployments allow multi-statement ex...