CVE-2026-41327 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a...
CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...
GHSA-X92X-PX7W-4GX4 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a...
Dgraph security vulnerability
Dgraph is an open-source, horizontally scalable distributed GraphQL database with a graphical backend. Versions of Dgraph prior to 25.3.3 contained a security vulnerability. This vulnerability stemmed from the position of language tags in JSON mutation keys, allowing for DQL injection, which coul...
GHSA-XCWX-R2GW-W93M Sylius has a DQL Injection via API Order Filters
Impact Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL: GET /api/v2/shop/products?orderprice=ASC,%20variant.code%20DESC Patches The...
CVE-2026-31825
Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...
CVE-2026-31825
Sylius (Open Source eCommerce framework on Symfony) has a vulnerability in API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter, where user-supplied order direction values are passed directly to Doctrine’s orderBy() without validation. This allows injection of arbitrary DQL...
EUVD-2015-0560
Malware in sbrugna...
EUVD-2016-0892
Malware in sbrugna...
EUVD-2016-10664
Malware in sbrugna...
EUVD-2014-2539
Malware in sbrugna...
EUVD-2017-14686
Malware in sbrugna...
EUVD-2015-0561
Malware in sbrugna...
EUVD-2014-2544
Malware in sbrugna...
GHSA-2XMM-G482-4439 DQL injection through sorting parameters blocked
Impact Values added at the end of query sorting were passed directly to the DB. We don't know if it could lead to direct SQL injections; however, we should not allow for easy injection of values there anyway. Patches The issue is fixed in version 1.10.1 and in 1.11-rc.1 Workarounds You have to...
Design/Logic Flaw
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when a PostgreSQL database is used and the returntopresultsrowbased config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary...
CVE-2017-5585
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when a PostgreSQL database is used and the returntopresultsrowbased config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary...