CVE-2026-44680
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...
CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...
PT-2026-37053
Name of the Vulnerable Software and Affected Versions: apko versions prior to 1.2.7. Description: The DiscoverKeys function in pkg/apk/apk/implementation.go performs an unconditional type assertion of JWKS (JSON Web Key Set) keys as rsa.PublicKey without verifying the key type. If a repository JWKS...
EGroupware SQL Injection
EGroupware versions prior to 23.1.20260113 and greater than or equal to 26.0.20251208 but less than 26.0.20260113 are affected by a remote SQL injection vulnerability in the Nextmatch filter processing. CVE-2026-22243: EGroupware has SQL Injection in Nextmatch Filter Processing Overview | Field |...
EUVD-2026-10870
Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type...
SQL Injection
Overview sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection via the traverseJSON function, which escapes JSON path values but not cast types after the :: operator. An attacker ca...
EUVD-2019-0721
Malware in sbrugna...
EUVD-2022-7249
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-0842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validat...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to xml2js ( CVE-2023-0842 )
Summary: xml2js is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-0842. Vulnerability Details: CVEID: CVE-2023-0842. DESCRIPTION: xml2js could allow a remote attacker to bypass security restrictions, caused by the failure to properly validate incoming JSON keys, allowing the proto...
Django SQL Injection Vulnerability
Django is an open source web application framework based on the Python language from the Django Foundation. The framework includes an object-relational mapper, a view system, a template system, and more. An SQL injection vulnerability exists in Django versions 5.0 prior to 5.0.8 and 4.2 prior to 4.2.15, whi...
Debian dla-3760 : node-xml2js - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3760 advisory. Debian LTS Advisory DLA-3760-1 https://www.debian.org/lts/security/...
Security Bulletin: CVE-2022-41713 An issue was discovered in deep-object-diff version 1.1.0
Summary: CVE-2022-41713: deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited. Vulnerability Details...
CVE-2023-0842
A flaw was found in node-xml2js. This flaw allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, making it possible to edit the proto property...
Prototype Pollution
xml2js is vulnerable to Prototype Pollution. The vulnerability exists because the library does not properly validate incoming JSON keys, allowing an attacker to modify the proto attribute...
GHSA-776F-QX25-Q3CC xml2js is vulnerable to prototype pollution
xml2js versions before 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...
CVE-2023-0842
xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...
xml2js Security Vulnerability
node-xml2js is an XML to JavaScript object converter from the individual developer Marek Kubica. A security vulnerability exists in xml2js version 0.4.23 that stems from the application not properly validating incoming JSON keys, allowing an attacker to edit the proto attribute...