54 matches found
CVE-2021-47959
WPGraphQL 1.3.5 is affected by a DoS vulnerability: unauthenticated attackers can exhaust server resources by sending batched GraphQL queries with duplicated fields, potentially causing OOM conditions and MySQL connection errors. The provided documents do not include a confirmed patch version or ...
EUVD-2021-34814
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
CVE-2026-42871
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...
CVE-2026-42871
The CVE concerns WeGIA, a web manager for charitable institutions. In versions prior to 3.7.0, the script atendido/familiar_docfamiliar.php reveals an overly descriptive error message that includes database-related details. This information disclosure can help an attacker map the backend infrastr...
CVE-2026-30912
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...
Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...
CVE-2026-30912
CVE-2026-30912 concerns Apache Airflow where SQL errors expose exception and stack trace information in the API despite the setting api/expose_stack_traces being disabled. This behavior can leak sensitive information to an attacker. The connected sources consistently indicate the issue affects Ai...
EUVD-2026-23662
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from a failure in the TOTP lock mechanism’s attempt to lock the account due to database transaction processing errors...
openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers
Summary The /ready endpoint in opensslencryptserver/server.py at lines 159-175 catches database errors and returns the full exception string in the response. Affected Code python except Exception as e: return "status": "notready", "reason": stre Impact Database exception messages can leak: -...
GHSA-2VHW-Q7VH-7XV2 openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers
Summary The /ready endpoint in opensslencryptserver/server.py at lines 159-175 catches database errors and returns the full exception string in the response. Affected Code python except Exception as e: return "status": "notready", "reason": stre Impact Database exception messages can leak: -...
CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...
CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
CVE-2026-23476
Summary: CVE-2026-23476 affects FacturaScripts prior to 2025.8, due to a reflected XSS in error messages rendered with Twig’s raw filter. The bug arises when a database error includes user input (e.g., via the code parameter in endpoints like /EditProducto?code=) and the template Core/View/Macro/...
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
FacturaScripts is Vulnerable to Reflected XSS
Reflected XSS via SQL Error Messages Summary A reflected XSS bug has been found in FacturaScripts. The problem is in how error messages get displayed - it's using Twig's | raw filter which skips HTML escaping. When a database error is triggered like passing a string where an integer is expected,...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...