90 matches found
CVE-2026-45288
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
EUVD-2026-33022
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288 Marten has an SQL injection vulnerability in its full-text search regConfig parameter
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288
Marten (a .NET transactional document DB for PostgreSQL) prior to version 8.36.1 interpolated the user-supplied regConfig parameter directly into SQL within full-text search APIs, without parameterization or validation, creating a SQL injection sink on any code path where regConfig is exposed. Th...
CVE-2026-45288 Marten has an SQL injection vulnerability in its full-text search regConfig parameter
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
CVE-2026-45288
Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...
Marten SQL injection vulnerability
Marten is a PostgreSQL-based .NET document database and event store developed by JasperFx. Versions of Marten prior to 8.36.1 contained an SQL injection vulnerability. This vulnerability occurred because the full-text search API did not parameterize or validate the regConfig...
Marten has an injection vulnerability in its full-text search regConfig parameter
Summary: Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs: IQuerySession.SearchAsyncstring...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the regConfig parameter in full-text search APIs. An attacker can execute arbitrary SQL commands by supplying crafted input to the regConfig parameter, which is interpolated directly into SQL statements without...
GHSA-VMW2-QWM8-X84C Marten has an injection vulnerability in its full-text search regConfig parameter
Summary: Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs: IQuerySession.SearchAsyncstring...
PT-2026-41160
Name of the Vulnerable Software and Affected Versions: Marten versions prior to 8.36.1. Description: Full-text search APIs interpolate the user-supplied regConfig parameter directly into generated SQL without parameterization or validation. This creates a SQL injection sink in any code path where...
EUVD-2025-120031
Malicious code in breezy-crimson-marten npm...
Malicious code in breezy-crimson-marten (npm)
Source: amazon-inspector (b3875b560289ee53cd714075de6f50623325d7fec152a2d1a0035da53e9289f5). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117242
Malicious code in massive-yellow-marten npm...
EUVD-2025-117420
Malicious code in elated-gray-marten npm...
EUVD-2025-117473
Malicious code in confident-ivory-marten npm...
Malicious code in massive-yellow-marten (npm)
Source: amazon-inspector (347c0a4bc6c6dc50164f4938053abfe0fb420772bc5eb18e843d0551531f3155). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in elated-gray-marten (npm)
Source: amazon-inspector (0c32a771f61d8884dd839eb457a9126fe4d205325bf194b113122900c6b8a5cf). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in splendid_marten_z3n (npm)
Source: amazon-inspector (3a27a8fb6fdc9b58fdf0356c0ae70118b28e954e7d110b3b0050c4e2661cc4da). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...