Out Of Memory Error

org.infinispan, infinispan-query is vulnerable to a Out Of Memory Error. The vulnerability is due to lack of proper memory handling when processing large POST requests, allows continual requests to trigger buffer leaks and memory exhaustion...

CVE-2025-29981

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details - base64 encoded content of non-allowed files is exposed using ?inline&import originally...

CVE-2025-30352

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...

ROS-20250311-04

PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions are vulnerable to vulnerability libpq library of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...

ROS-20250311-03

PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions are vulnerable to vulnerability libpq library of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...

WordPress Hero Slider plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Hero Slider versions = 1.3.5...

WordPress Bit Assist plugin <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter vulnerability

Authenticated Subscriber+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions = 1.5.2...

CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/minihttpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm; substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows t...

CVE-2022-34871

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...

CVE-2020-15620

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the id parameter, the...

IBM DB2 DoS (7175943) (Unix)

According to its self-reported version number, IBM Db2 on Unix is vulnerable to a denial of service when querying certain tables using a specially crafted statement. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2024-21214

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

The vulnerability of the Ivanti EPM endpoint management software lies in the lack of protective measures for the SQL query structure, allowing a hacker to execute arbitrary code.

The vulnerability of the Ivanti EPM endpoint management software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially crafted SQL code remotely...

The vulnerability of the Shadow account management tool lies in the insufficient neutralization of certain elements in the query, allowing a malicious actor to compromise data integrity.

The vulnerability of the Shadow account management tool is related to insufficient neutralization of certain elements in the query. Exploiting this vulnerability could allow an attacker to compromise data integrity...

The vulnerability in the implementation of the deleteComment method in the comments module of the CMS system Netcat allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the deleteComment method in the comments module of the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected information...

PT-2024-5757 · Unknown · Kraken Stress Testing Toolkit

Name of the Vulnerable Software and Affected Versions: Kraken Stress Testing Toolkit affected versions not specified Description: The issue is related to the lack of protection for the SQL query structure in the Kraken Stress Testing Toolkit, a tool for load testing SIEM systems. This can be...

CVE-2024-25638

CVE-2024-25638 affects the dnsjava library (Java DNS impl). The issue: DNS replies can include Resource Records from zones unrelated to the query, due to missing validation of RR relevance. This could enable attacker-controlled responses to spoof data. Root cause: insufficient verification of RR ...

The vulnerability of the software for network monitoring and control of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL code.

The vulnerability of the software for network monitoring and control of IT infrastructure on the SolarWinds Platform is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...