Lucene search
K

142 matches found

Snyk
Snyk
added 2025/09/15 7:39 a.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/15 7:39 a.m.11 views

open-vector-editor (>=10.1.61 <=18.3.6), ove-electron (=1.2.8) +2 more potentially affected by unknown CVE via tg-client-query-builder (=2.14.3)

tg-client-query-builder NPM version =2.14.3 is affected by a known vulnerability. The following packages have a transitive dependency on tg-client-query-builder and may be impacted: - open-vector-editor =10.1.61, =18.3.6, =29.0.7, =30.15.8 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
NVD
NVD
added 2025/09/14 1:15 p.m.7 views

CVE-2025-10399

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

6.5CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/14 1:2 p.m.3 views

CVE-2025-10399 Korzh EasyQuery Query Builder UI fetch sql injection

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

6.5CVSS6.4AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/14 1:2 p.m.12 views

CVE-2025-10399 Korzh EasyQuery Query Builder UI fetch sql injection

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

6.5CVSS0.00221EPSS
Exploits0References3
CVE
CVE
added 2025/09/14 1:2 p.m.12 views

CVE-2025-10399

CVE-2025-10399 concerns Korzh EasyQuery (up to version 7.4.0). The vulnerability arises from improper handling in the Query Builder UI component, specifically the file path /api/easyquery/models/nwind/fetch, enabling SQL injection. The issue can be triggered remotely and has been publicly exposed...

6.5CVSS6.4AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.6 views

PT-2025-37412

Name of the Vulnerable Software and Affected Versions: Korzh EasyQuery versions through 7.4.0 Description: A weakness exists in Korzh EasyQuery due to SQL injection. The issue affects unknown processing of the /api/easyquery/models/nwind/fetch API endpoint within the Query Builder UI component...

6.5CVSS6.4AI score0.00221EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/09/14 12:0 a.m.7 views

Korzh EasyQuery SQL注入漏洞

Korzh EasyQuery is a query builder software from Korzh. A SQL injection vulnerability exists in Korzh EasyQuery 7.4.0 and earlier versions, which stems from improper handling of files/api/easyquery/models/nwind/fetch in the Query Builder UI component, which can lead to SQL injection attacks...

6.5CVSS6.9AI score0.00221EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-45024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. CVE-2023-45024 Note th...

7.5CVSS6.3AI score0.00596EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:25 p.m.7 views

CVE-2022-40824

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwhere function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8CVSS9.6AI score0.0089EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/06 4:33 p.m.8 views

CVE-2025-32120

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in edanzer Easy Query – WP Query Builder easy-query allows Blind SQL Injection.This issue affects Easy Query – WP Query Builder: from n/a through = 2.0.4...

7.6CVSS7.3AI score0.00548EPSS
Exploits0References1
NVD
NVD
added 2025/04/04 4:15 p.m.4 views

CVE-2025-32120

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in edanzer Easy Query – WP Query Builder easy-query allows Blind SQL Injection.This issue affects Easy Query – WP Query Builder: from n/a through = 2.0.4...

7.6CVSS0.00548EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.1 views

WordPress plugin Easy Query – WP Query Builder SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin Ea...

7.6CVSS8.3AI score0.00548EPSS
Exploits0References1
OSV
OSV
added 2024/06/25 12:46 p.m.7 views

MAL-2024-2511 Malicious code in influx-query-builder (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/05/15 10:19 p.m.19 views

laravel framework Unexpected database bindings via requests

This is a follow-up to the security advisory https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to i...

7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/15 6:9 p.m.12 views

GHSA-27QR-636M-WXG2 codeigniter/framework SQL injection in ODBC database driver

CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape functions...

10CVSS8.2AI score
Exploits0References4
OSV
OSV
added 2024/01/31 3:13 p.m.34 views

BIT-CODEIGNITER-2022-40827

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php where function...

9.8CVSS9.9AI score0.0085EPSS
Exploits1References1
CVE
CVE
added 2023/11/10 6:11 p.m.59 views

CVE-2023-47128

Piccolo ORM (Python) before 1.1.1 is vulnerable to SQL injection via named transaction savepoints. The root cause is building and executing SAVEPOINT commands with user-supplied input using f-strings, which can lead to arbitrary read/modify operations and even server compromise per the descriptio...

9.1CVSS9.6AI score0.00776EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/11/03 5:15 a.m.13 views

CVE-2023-45024

Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...

7.5CVSS7.2AI score0.00596EPSS
Exploits0References2
OSV
OSV
added 2023/11/03 5:15 a.m.0 views

DEBIAN-CVE-2023-45024

Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...

7.5CVSS7.2AI score0.00596EPSS
Exploits0References1
Rows per page
Query Builder