46033 matches found
CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...
GHSA-27H3-CRW2-Q36W SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
EUVD-2026-22913
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
GHSA-GC9W-CC93-RJV8 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Summary PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, the privilegeduser parameter which has no input validation is written...
Arbitrary Code Injection
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via the PhpHelper::parseArrayToString process. An attacker can execute arbitrary PHP code as the web server user by injecting specially crafted input into...
Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Summary PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, the privilegeduser parameter which has no input validation is written...
PT-2026-33360
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.21 Description A JDBC parameter blocklist bypass exists in the MySQL datasource configuration. The Mysql class utilizes the Lombok @Data annotation, which automatically generates a public setter for the...
CVE-2026-30778 Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
CVE-2026-30778 Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
CVE-2026-29861
PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...
CVE-2025-0838 affecting package mysql for versions less than 8.0.45-3
CVE-2025-0838 affecting package mysql for versions less than 8.0.45-3. A patched version of the package is available...
MiracleLinux 8 : mysql:8.4 (AXSA:2026-431:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-431:01 advisory. mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21948 mysql:...
EUVD-2025-209409
The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...
CVE-2025-15441
The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...
CVE-2025-15441 Form Maker < 1.15.38 - SQL Injection
The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...
CVE-2025-15441
The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...
CVE-2025-15441
The CVE concerns the WordPress plugin Form Maker by 10Web. Versions prior to 1.15.38 expose a SQL Injection risk due to improper preparation of SQL queries when the MySQL Mapping feature is used. Affected product: Form Maker by 10Web (WordPress plugin); vulnerable component: SQL query handling wi...
SQLi
Blind SQLi - Status Code & Time Based Herramienta de Blind SQ...