CVE-2024-28146
The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...
CVE-2023-28107
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the stable branch and version 3.1.0.beta3 of the beta and tests-passed branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a...
CVE-2023-42454
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file rather than in an environment variable, and with the webroot being the current working...
CVE-2022-43718
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2020-14027
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLELOCALINFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...
How to register Veeam Data Cloud Vault in Veeam Backup for Microsoft Azure
Article Applicability This article is specifically for Veeam Backup for Microsoft Azure v8. With the release of Veeam Backup for Microsoft Azure v8.1, the process for adding Veeam Data Cloud Vault as a repository has been fully integrated. Purpose This article documents the procedure for registeri...
SuperSonic security vulnerability
SuperSonic is an AI+BI platform open-sourced by Tencent Music Entertainment. A security vulnerability exists in SuperSonic 0.9.8 and earlier versions, which stems from a code injection issue in the H2 database connection handling component...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain system or project admin permissions. Remediation Upgrade...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase versions prior to 2.10.6 contain a security vulnerability; th...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase versions prior to 2.10.6 contain a security vulnerability; the vulnerability...
GO-2025-3457 WhoDB allows parameter injection in DB connection URIs leading to local file inclusion in github.com/clidey/whodb/core
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion in github.com/clidey/whodb/core...
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion
Summary The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. Details The application uses string concatenation to build database connection URIs which are then passed to...
GHSA-C7W4-9WV8-7X7C WhoDB allows parameter injection in DB connection URIs leading to local file inclusion
Summary The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. Details The application uses string concatenation to build database connection URIs which are then passed to...
CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
CVE-2025-24787
CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...
BIT-SUPERSET-2022-43718 Apache Superset: Cross-Site Scripting vulnerability on upload forms
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
DataEase SQL injection vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase versions before v1.18.27 contain a SQL injection vulnerabili...
PVS Server Down In Console After Upgrade to 2402CU1
After upgrading the first PVS Server in the FARM to 2402 CU1 and running the Configuration Wizard the PVS Server appears down in the console. The Configuration Wizard completes with errors. The following is one example found in the AOT logs:...
The vulnerability of the PhysHdr class constructor in the CryptoManager.cpp module of the database management system “Red Database” allows a hacker to trigger a database access error.
The vulnerability of the PhysHdr class constructor in the CryptoManager.cpp module of the database management system “Red Database” is related to the fact that in some cases, when switching the database to incremental backup mode, the connection to this database would fail. Exploiting this...