
16 matches found

Veracode
added 2026/03/05 9:34 a.m. | 2 views

SQL Injection

TypeORM is vulnerable to SQL Injection. The vulnerability is due to improper handling of object values in the sqlstring call where stringifyObjects defaults to false, which allows an attacker to inject crafted SQL through requests to repository.save or repository.update...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 4 | Affected software 1
RedhatCVE
added 2025/10/30 12:12 a.m. | 2 views

CVE-2025-60542

A flaw was found in TypeORM. When used with MySQL/mysql2 drivers, the repository.save or repository.update methods incorrectly handle nested JSON objects. This is due to an underlying setting stringifyObjects: false that allows an attacker to craft a malicious JSON payload and cause a SQL injecti...

CVSS 8.2 | AI score 7.3 | EPSS 0.00042
Exploits 0 | References 7
EUVD
added 2025/10/29 6:30 p.m. | 1 view

EUVD-2025-36689

SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false...

AI score 7.4 | EPSS 0.00042
Exploits 0 | References 5
OSV
added 2025/10/29 6:30 p.m. | 0 views

GHSA-Q2PJ-6V73-8RGJ TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update

Summary SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false. Details Vulnerable Code: js const username, city, name = req.body; const updateData = username, city, name,...

CVSS 9.5 | AI score 7.1 | EPSS 0.00042
Exploits 0 | References 11
OSV
added 2025/10/29 4:15 p.m. | 2 views

CVE-2025-60542

SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false...

CVSS 6.5 | AI score 8.1 | EPSS 0.00042
Exploits 0 | References 4
CVE
added 2025/10/29 12:00 a.m. | 14 views

CVE-2025-60542

CVE-2025-60542 (TypeORM) : SQL injection in TypeORM before 0.3.26 via crafted requests to repository.save or repository.update, resulting from sqlstring handling where stringifyObjects defaults to false. Public references indicate the issue arises in the MySQL driver path and can affect updates u...

CVSS 6.5 | AI score 7.6 | EPSS 0.00042
Exploits 0 | References 4
Cvelist
added 2025/10/29 12:00 a.m. | 4 views

CVE-2025-60542

SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false...

EPSS 0.00042
Exploits 0 | References 4
Positive Technologies
added 2025/10/29 12:00 a.m. | 2 views

PT-2025-44304

Name of the Vulnerable Software and Affected Versions TypeORM versions prior to 0.3.26 Description A SQL Injection issue exists in TypeORM. This is due to the sqlstring call using stringifyObjects set to false when processing requests to repository.save or repository.update. A crafted request can...

CVSS 6.5 | AI score 7.6 | EPSS 0.00042
Exploits 0 | References 8
Vulnrichment
added 2025/10/29 12:00 a.m. | 2 views

CVE-2025-60542

SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false...

AI score 7.6 | EPSS 0.00042
Exploits 0 | References 4
Rockylinux
added 2025/05/07 7:11 p.m. | 3 views

leapp-repository bug fix and enhancement update

An update is available for leapp-repository. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

AI score 6.8
Exploits 0
CNNVD
added 2023/09/13 12:00 a.m. | 3 views

NLnet Routinator Path Traversal Vulnerability

NLnet Routinator is an RPKI (Resource Public Key Infrastructure) validator from the NLnet team, written in Rust. A path traversal vulnerability exists in NLnet Routinator version 0.12.1 and earlier, which allows a user t...

CVSS 9.3 | AI score 6.7 | EPSS 0.0015
Exploits 0 | References 3
FreeBSD
added 2022/10/06 12:00 a.m. | 24 views

routinator -- potential DoS attack

Due to a mistake in error handling, data in RRDP snapshot and delta files that isn't correctly base64 encoded is treated as a fatal error and causes Routinator to exit. The worst-case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may st...

CVSS 7.5 | AI score 2.8 | EPSS 0.0054
Exploits 0 | References 1
Redos
added 2021/09/08 12:00 a.m. | 3 views

ROS-2-2155

2.2155 Vulnerability in the SpamAssassin spam filtering tool, CVE-2020-1946. 1. Vulnerability Description: CVE-2020-1946 is a vulnerability in the SpamAssassin spam filtering tool related to improper input validation when processing rule configuration (.cf) files. Exploitation of the vulnerability could...

CVSS 10 | AI score 7.7 | EPSS 0.03407
Exploits 1
OSV
added 2021/08/30 10:07 p.m. | 6 views

OPENSUSE-SU-2021:1212-1 Security update for spectre-meltdown-checker

This update for spectre-meltdown-checker fixes the following issues: spectre-meltdown-checker was updated to version 0.44 (bsc#1189477): feat: add support for SRBDS related vulnerabilities; feat: add zstd kernel decompression (#370); enh: arm: add experimental support for binary arm images; enh: rs...

CVSS 5.6 | AI score 6 | EPSS 0.9427
Exploits 9 | References 3
Cvelist
added 2007/09/06 7:00 p.m. | 20 views

CVE-2007-4739

reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...

AI score 6.5 | EPSS 0.00607
Exploits 0 | References 8
Debian CVE
added 2007/09/06 7:00 p.m. | 14 views

CVE-2007-4739

reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...

CVSS 5 | AI score 6.4 | EPSS 0.00607
Exploits 0