CVE-2025-9413 lostvip-com ruoyi-go system_router.go SelectListByPage sql injection
A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc causes SQL injection. The attack may be initiated remotely. The exploit has been published and may ...
CVE-2025-9413
CVE-2025-9413 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the function SelectListByPage (modules/system/system_router.go), where manipulation of the arguments orderByColumn and isAsc enables SQL injection. The issue can be triggered remotely; a public exploit has been ...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the file DictDataDao.go when processing the orderByColumn or isAsc arguments. An attacker can execute arbitrary SQL commands by supplying crafted input to these parameters. Remediation...
CVE-2025-9412 lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection
A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...
CVE-2025-9412
CVE-2025-9412 affects lostvip-com ruoyi-go up to version 2.1, targeting the file DictDataDao.go in function SelectListByPage. The vulnerability arises from improper handling of the arguments orderByColumn and isAsc, enabling SQL injection via manipulated input. It is remotely exploitable and th...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the GenTableDao.go file. An attacker can access or modify sensitive data, or disrupt application functionality by manipulating the isAsc or orderByColumn arguments in crafted requests...
PT-2025-34697 · Ruoyi-Go · Ruoyi-Go
Name of the Vulnerable Software and Affected Versions: ruoyi-go versions up to 2.1. Description: A flaw has been found in the SelectListByPage function of the modules/system/system_router.go file. Manipulation of the orderByColumn and isAsc arguments can lead to SQL injection. The attack may be...
ruoyi-go security vulnerability
ruoyi-go is a backend management system for individual developers at lostvip.com. A security vulnerability exists in ruoyi-go 2.1 and earlier versions, which originates from the improper handling of the orderByColumn/isAsc parameter in the SelectListByPage function in the file...
Linux Distros Unpatched Vulnerability : CVE-2014-4986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow...
CVE-2025-55672
A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
GHSA-FJ97-2V9X-W5M4 Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-55672
Summary: Apache Superset has a stored XSS in the chart visualization. An authenticated user with chart-edit permissions can inject a payload into a column label, which is executed in victims’ browsers on hover. This affects versions before 5.0.0 and can lead to session hijacking or arbitrary comm...
PT-2025-33271 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0. Description: A stored Cross-Site Scripting (XSS) issue exists in the chart visualization feature. An authenticated user with chart editing permissions can inject a malicious payload into a column's label...
CLSA-2025-1754411369 sqlite: Fix of CVE-2025-6965
CVE-2025-6965: reject queries with aggregate terms exceeding column limit to prevent memory corruption...
sqlite: Fix of CVE-2025-6965
CVE-2025-6965: fix a potential memory corruption if the number of aggregate terms in a query exceeds the maximum number of columns...
CLSA-2025-1754340339 sqlite: Fix of CVE-2025-6965
CVE-2025-6965: fix memory corruption issue caused by a query where the number of aggregate terms could exceed the number of columns available...
CLSA-2025-1754339166 sqlite: Fix of CVE-2025-6965
CVE-2025-6965: fix a potential memory corruption if the number of aggregate terms in a query exceeds the maximum number of columns...
CLSA-2025-1754338696 sqlite: Fix of CVE-2025-6965
CVE-2025-6965: fix memory corruption issue caused by exceeding the number of columns with aggregate terms...
CLSA-2025-1754338599 Fix CVE(s): CVE-2025-6965
SECURITY UPDATE: aggregate term exceeding column count vulnerability - debian/patches/CVE-2025-6965.patch: fix a potential memory corruption if the number of aggregate terms in a query exceeds the maximum number of columns - CVE-2025-6965...
sqlite: Integer Truncation in SQLite
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior...