726 matches found
CVE-2026-15183 Input Validation Vulnerabilities in Snowflake Spark Connector
Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...
EUVD-2026-43593
SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...
CVE-2026-53448 Coturn: SQL Injection in HTTPS Admin Panel Delete Operations
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...
EUVD-2026-42802
The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-58521
A flaw was found in the Mediawiki - Cargo Extension. This vulnerability allows an attacker to inject malicious commands into database queries. This could lead to unauthorized access to sensitive information, modification of data, or disruption of the database's availability...
PYSEC-2026-489 SQLAlchemyDA unauthenticated arbitrary SQL query execution
Impact The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected. Patches The problem has been patched in version 2.2. Workarounds There is no workaround. All users are urged to upgrade to versi...
EUVD-2026-39147
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...
PT-2026-52109
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The /api/icon/getDynamicIcon endpoint is excluded from authentication. When this endpoint is called with type=8 and a valid block id parameter, it invokes the RenderDynamicIconContentTemplate function...
PT-2026-52150
Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBULibrarySlot JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...
CVE-2025-61027
An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61028
CVE-2025-61028 affects the virtuoso-opensource product (time_t_to_dt component) in version 7.2.11. A flaw allows an attacker to trigger a Denial of Service by sending crafted SQL statements, potentially making the system unavailable to legitimate users. The Red Hat and OSV Ubuntu entries corrobor...
CVE-2025-61023
An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61018
An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2019-25753
Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=comvmap&task=loadmarker parameters...
CVE-2019-25755
CVE-2019-25755 details: Joomla Component vReview 1.9.11 has an SQL injection in the editReview task via the cmId parameter. Unauthenticated attackers can send POST requests with URL-encoded SQL UNION payloads to extract database data (usernames, passwords, versions). Impact per sources is high (C...
CVE-2017-20275 Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter
Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comphpbridge&view=phpview parameters and...
EUVD-2017-18985
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...
PT-2026-50942
Name of the Vulnerable Software and Affected Versions Joomla! Component Flip Wall version 8.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the wallid parameter via GET requests to the 'index.ph...
CVE-2026-11407
PIMCORE CMS/DXP 12.3.8 contains a sandbox bypass in the Twig SecurityPolicy (checkMethodAllowed and checkPropertyAllowed). Authenticated administrative attackers can craft malicious Twig templates via DataObject ClassDefinition Layout\Text to execute arbitrary PHP object methods, perform file rea...
CVE-2026-11407 Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed
Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...