MikroORM SQL注入漏洞

MikroORM is an open-source framework from MikroORM that supports type-safe object-relational mapping for multiple databases. MikroORM has a SQL injection vulnerability; this vulnerability arises from improper escaping of identifiers and JSON path injections, which may lead to SQL injections...

Drupal 安全漏洞

Drupal is an open-source content management system developed using the PHP language by the Drupal community. Versions 7.x-1.0 to 7.x-1.10 of Drupal have security vulnerabilities. These vulnerabilities stem from improper output escaping of term-derived text in Simple Hierarchical Select, which may...

WordPress plugin Infility Global SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...

Arbitrary Code Injection

Froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper escaping of single quotes in PhpHelper::parseArrayToString, which allows an attacker to inject arbitrary PHP code through the privilegeduser parameter that gets executed on subsequent requests...

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection in the login process due to improper escaping of user-supplied input before it is incorporated into LDAP search filters. An attacker can enumerate valid usernames and extract sensitive attribute data from the connected LD...

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...

WWBN AVideo 注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an injection vulnerability. This vulnerability stemmed from the improper escaping of CRLF characters in the plugin/Scheduler/downloadICS.php file, which could allo...

SQL Injection

Overview @mikro-orm/knex is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via improper...

MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

VMware Spring AI 代码注入漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5, as well as 1.1.0 to 1.1.4 of VMware Spring AI, have code injection vulnerabilities. These...

Log Injection

Apache Log4j Core is vulnerable to Log Injection. The vulnerability is due to improper handling of newline escaping caused by renamed configuration attributes in Rfc5424Layout, which allows an attacker to inject CRLF sequences into logs and manipulate log entries...

BIT-TOMCAT-2026-34483 Apache Tomcat: Incomplete escaping of JSON access logs

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or...

CVE-2026-34483

Apache Tomcat’s JsonAccessLogValve component is affected by an Improper Encoding or Escaping of Output vulnerability. Affected versions include 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116. The recommended remediations are to upgrade to version 11.0.21, 10.1.54...

CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...

GHSA-44F4-GVWJ-6QG3 Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...

GHSA-73VX-49MV-V8W5 MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline

Improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has been renamed or deleted. Impact Cross-site scripting XSS. Patches...

Improper Encoding or Escaping of Output

Overview shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the escape function. An attacker can cause unintended expansion of shell arguments by supplying input containing square brackets, which may result in...