EUVD-2025-204947

Malicious code in @ownbackup/ob-query-builder npm...

MAL-2025-192706 Malicious code in @ownbackup/ob-query-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e883403626d57ea766a1c9e33634ceb5558b9293ef87e9fb60ffa6d052e2454 The package @ownbackup/ob-query-builder was found to contain malicious code...

Malicious code in @ownbackup/ob-query-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e883403626d57ea766a1c9e33634ceb5558b9293ef87e9fb60ffa6d052e2454 The package @ownbackup/ob-query-builder was found to contain malicious code...

Adobe Experience Manager (AEM) Querybuilder Internal Path Read

The remote Adobe Experience Manager AEM server is configured to allow unauthenticated users to access internal paths using the Querybuilder endpoint. This may allow an attacker to read sensitive files from the server. The Querybuilder endpoint is typically located at /bin/querybuilder.json and...

Adobe Experience Manager (AEM) QueryBuilder JCR Role Disclosure

The remote Adobe Experience Manager AEM QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the JCR roles of the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servlet endpoint. No...

CVE-2025-60514

Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...

EUVD-2025-34898

Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...

CVE-2025-60514

Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...

tillywork 安全漏洞

tillywork is an open source work management solution from tillywork open source A security vulnerability exists in Tillywork v0.1.3 and earlier versions, which stems from a SQL injection vulnerability in app/common/helpers/query.builder.helper.ts...

CVE-2025-60514

Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...

CVE-2025-60514

Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...

EUVD-2020-27368

Malware in sbrugna...

EUVD-2023-49345

Malicious code in bioql PyPI...

EUVD-2025-29119

Malicious code in bioql PyPI...

EUVD-2025-9889

Malicious code in bioql PyPI...

CVE-2025-10399

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

Malicious code in tg-client-query-builder (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e88f4b4247a247c45d69b7c6082806c246a97e993f3db259215f30d0774e8db7 Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47350 Malicious code in tg-client-query-builder (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e88f4b4247a247c45d69b7c6082806c246a97e993f3db259215f30d0774e8db7 Any computer that has this package installed or running should be considered fully compromised. All...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

open-vector-editor (>=10.1.61 <=18.3.6), ove-electron (=1.2.8) +2 more potentially affected by unknown CVE via tg-client-query-builder (=2.14.3)

tg-client-query-builder NPM version =2.14.3 is affected by a known vulnerability. The following packages have a transitive dependency on tg-client-query-builder and may be impacted: - open-vector-editor =10.1.61, =18.3.6, =29.0.7, =30.15.8 Source cves: unknown CVE Source advisory:...