
35 matches found

EUVD
added 2026/06/06 12:31 a.m. | 12 views

EUVD-2026-34917

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...

CVSS 8.3 | AI score 5.3 | EPSS 0.00226
Exploits: 0 | References: 2

CNVD
added 2025/10/15 12:0 a.m. | 5 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24042)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that stems from the misuse of the Generic Query Web Service, no details of the vulnerability are...

CVSS 7.5 | AI score 6.9 | EPSS 0.00316
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-8745

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.03444
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-8949

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00854
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-8950

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0142
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-8948

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00854
Exploits: 0 | References: 4

BDU FSTEC
added 2025/05/30 12:0 a.m. | 4 views

The vulnerability of the Hibernate query service implementation in the Kaiten project management system lies in the lack of protective measures for the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Hibernate query service implementation in the Kaiten project management tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of th...

CVSS 9.9 | AI score 5.6
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/05/22 8:25 a.m. | 6 views

CVE-2019-19327

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

CVSS 6.1 | AI score 7.3 | EPSS 0.00854
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:25 a.m. | 5 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

CVSS 6.1 | AI score 7.2 | EPSS 0.0142
Exploits: 1 | References: 1

Snyk
added 2025/03/27 3:31 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint on another host. Notes: 1. This is only exploitable if the attacker has...

CVSS 6.5 | AI score 7 | EPSS 0.00537
Exploits: 0 | References: 2

Veracode
added 2025/01/17 6:36 a.m. | 6 views

Arbitrary File Read

org.apache.linkis, linkis-metadata-query-service-jdbc is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient parameter filtering in the DataSource Manager Module, allowing an attacker to configure malicious MySQL JDBC parameters to read arbitrary files from the server...

CVSS 5.9 | AI score 6.5 | EPSS 0.00318
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2025/01/14 6:31 p.m. | 7 views

GHSA-8CVQ-3JJP-PH9P Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

CVSS 5.9 | AI score 5.6 | EPSS 0.00318
Exploits: 0 | References: 4

Github Security Blog
added 2025/01/14 6:31 p.m. | 21 views

Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

CVSS 5.9 | AI score 6.7 | EPSS 0.00318
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/01/14 4:13 p.m. | 14 views

CVE-2024-45627 Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

AI score 6.7 | EPSS 0.00318
Exploits: 0 | References: 1

CVE
added 2025/01/14 4:13 p.m. | 72 views

CVE-2024-45627

Summary (CVE-2024-45627) In Apache Linkis, versions earlier than 1.7.0 are vulnerable due to insufficient filtering of parameters in the DataSource Manager’s MySQL JDBC configuration. An attacker with an authorized Linkis account can configure malicious MySQL JDBC parameters to read arbitrary fil...

CVSS 5.9 | AI score 6.3 | EPSS 0.00318
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2024/11/01 6:42 a.m. | 4 views

Information Exposure

Overview: taegis-magic is a Taegis IPython Magics. Affected versions of this package are vulnerable to Information Exposure due to the exposure of `inspect.currentframe().f_locals` in the search function in events.py, which exposes a GraphQLService object. This may include sensitive internal values such...

CVSS 5.3 | AI score 6.8
Exploits: 0 | References: 3

OSV
added 2021/09/30 6:15 p.m. | 3 views

CVE-2021-35203

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint...

CVSS 5.7 | AI score 5.8 | EPSS 0.00701
Exploits: 0 | References: 1

OSV
added 2021/09/30 6:15 p.m. | 3 views

CVE-2021-35202

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass to access an endpoint in FDSQueryService...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1

CNVD
added 2019/11/29 12:0 a.m. | 2 views

Wikibase Wikidata Query Service GUI HTML Injection Vulnerability

Wikibase Wikidata Query Service GUI is a graphical user interface for the Wikidata query service. A security vulnerability exists in the ui/editor/tooltip/Rdf.js file in versions prior to Wikibase Wikidata Query Service GUI 0.3.6-SNAPSHOT 2019-11-07. An attacker can exploit the...

CVSS 6.1 | AI score 6.7 | EPSS 0.00854
Exploits: 0 | References: 1

CNVD
added 2019/11/28 12:0 a.m. | 0 views

Unspecified Vulnerability in Wikibase Wikidata Query Service GUI

Wikibase Wikidata Query Service GUI is a graphical user interface for the Wikidata query service. A security vulnerability exists in the ui/ResultView.js file in versions prior to Wikibase Wikidata Query Service GUI 0.3.6-SNAPSHOT 2019-11-07. An attacker can exploit the vulnerability to...

CVSS 6.1 | AI score 6.7 | EPSS 0.00854
Exploits: 0 | References: 1