SUSE CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVE-2025-34210

The CVE concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS deployments). The connected sources confirm that sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) are stored in cleartext files that are ...

mysqlnd/pdo password buffer overflow

...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra methods when a specially crafted dictionary is passed using dictionary expansion as kwargs, leading to unsafe column aliases on MySQL and...

GHSA-HPR9-3M2G-3J9P Django vulnerable to SQL injection in column aliases

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

PYSEC-2025-106

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

FreeBSD : py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL (cb570d6f-9ea9-11f0-9446-f02f7497ecda)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cb570d6f-9ea9-11f0-9446-f02f7497ecda advisory. Oracle reports: Vulnerability in the MySQL Connectors product of Oracle MySQL component:...

AlmaLinux 8 : mysql:8.0 (ALSA-2025:16861)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:16861 advisory. mysql: mysqldump unspecified vulnerability CPU Apr 2025 CVE-2025-30722 mysql: Optimizer unspecified vulnerability CPU Apr 2025 CVE-2025-30688 mysql: Stor...

Django -- multiple vulnerabilities

Django reports: CVE-2025-59681: Potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB. CVE-2025-59682: Potential partial directory-traversal via archive.extract...

Oracle Linux 8 : mysql:8.0 (ELSA-2025-16861)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-16861 advisory. mecab mecab-ipadic mysql 8.0.43-1 - Rebase to MySQL 8.0.43 8.0.42-1 - Rebase to MySQL 8.0.42 Tenable has extracted the preceding description block...

RHSA-2025:16861 Red Hat Security Advisory: mysql:8.0 security update

Bulletin has no description...

mysql: Replication unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

mysql: DDL unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

mysql: Optimizer unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

mysql: Replication unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

mysql: Optimizer unspecified vulnerability (CPU Jul 2025)

A denial of service flaw was found in MySQL. This flaw allows a privileged attacker with network access via multiple protocols to cause a crash in the MySQL server...

mysql: Encryption unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...