Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.10 views

symfony/ux-autocomplete: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

6.9CVSS5.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/15 3:27 p.m.13 views

EUVD-2026-30550

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 3:27 p.m.7 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

6.3AI score0.00381EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.11 views

PT-2026-41310

Name of the Vulnerable Software and Affected Versions Apache Flink versions 1.15.0 through 1.20.x Apache Flink versions 2.0.0 through 2.x Description Code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers using...

8.1CVSS6.3AI score0.00381EPSS
Exploits0References9
Rows per page
Query Builder