11 matches found
CVE-2026-59162
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...
CVE-2026-59161
CVE-2026-59161 affects the Go library Excelize. The streaming worksheet reader used by Rows/GetRows could bypass the TotalRows limit, enabling an attacker-controlled index to cause unbounded memory and CPU usage by generating empty rows beyond 1048576. The issue is fixed in version 2.11.0; upgrad...
EUVD-2022-7485
Malicious code in bioql PyPI...
GHSA-3FHJ-WPVJ-X5W8 laravel-jqgrid vulnerable to SQL Injection
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is...
laravel-jqgrid vulnerable to SQL Injection
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is...
CVE-2021-4262
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is...
Sql injection
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is...
Laravel SQL注入漏洞
Laravel is a web application framework from the Laravel community. A security vulnerability exists in laravel-jqgrid, which stems from a problem with the function getRows in the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php, which can lead to sql injection...
Microsoft Windows ADO Recordset GetRows Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
KingCms最新版(k9)注入1枚
简要描述: KingCms最新版(k9)注入1枚 详细说明: 朋友的公司想购买kingcms的授权,让我帮忙看下。发现kingcms很长一段时间没更新了,憋了一段时间放出了最新版的k92014-12-13更新,官网下下来学习一下。 在wooyun上看到了几个漏洞,如: WooYun: kingcms最新版sql注入漏洞 注入点:POST /apps/jianli/index.php HTTP/1.1 注入参数:where 问题文件在/apps/jianli/index.php function create $u=new user;$u-authrole'jianli'; $db=new...
Achievo <= 1.3.4 - SQL Injection
No description provided by source. Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL:...