EUVD-2023-1863

Malicious code in bioql PyPI...

EUVD-2023-23808

Malicious code in bioql PyPI...

EUVD-2022-46977

Malicious code in bioql PyPI...

EUVD-2023-51895

Malicious code in bioql PyPI...

EUVD-2024-47900

Malicious code in bioql PyPI...

EUVD-2022-38844

Malicious code in bioql PyPI...

@shadypixel/mssql-mcp (=1.0.0) potentially affected by CVE-2025-59333 via @executeautomation/database-server (=1.1.0)

@executeautomation/database-server NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @executeautomation/database-server and may be impacted: - @shadypixel/mssql-mcp =1.0.0 Source cves: CVE-2025-59333 Source advisory:...

Malicious code in vscode-mssql (npm)

The package vscode-mssql was found to contain malicious code...

Malicious code in mssql-internal (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2304e726ecb296faa8d3bc0c0eca49fecae3b3aa9436713580d7a61a9d5b65c7 Any computer that has this package installed or running should be considered...

MAL-2025-4752 Malicious code in mssql-internal (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2304e726ecb296faa8d3bc0c0eca49fecae3b3aa9436713580d7a61a9d5b65c7 Any computer that has this package installed or running should be considered...

CVE-2024-6912

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0...

CVE-2023-1574

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...

CVE-2022-44015

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xpcmdshell extended procedure...

CVE-2019-10123

SQL Injection in Advanced InfoData Systems AIS ESEL-Server 67 which is the backend for the AIS logistics mobile app allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...

CVE-2019-10757

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB...

MAL-2025-3643 Malicious code in sails-mssql-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9aa02c92e690ce82873d15a2bd8dab23940ca37b05b8dd851f223d17d91c923 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

BillQuick Web Suite txtID SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BillQuick Web Suite txtID SQLi', 'Description' = %q This module exploits a SQL injection vulnerability in BillQUick Web Suite prior to version...

Microsoft SQL Server Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Command Execution', 'Description' = %q This module will execute a Windows command on a MSSQL/MSDE instance via the xpcmdshel...

Microsoft SQL Server SQL Injection Escalate Execute AS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate Execute AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has...

Lansweeper Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lansweeper Credential Collector', 'Description' = %q Lansweeper stores the credentials it uses to scan the computers in its Microsoft SQL databas...