ROS-20250912-02

Vulnerability of pgdump utility of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. SQL query structure protection. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code...

ROS-20250912-01

Vulnerability of pgdump utility of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. SQL query structure protection. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code...

ROS-20250912-04

Vulnerability of pgdump utility of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. protection of SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code...

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool...

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool...

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool...

Subrion CMS 安全漏洞

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports a variety of extensions plugins and more. A security vulnerability exists in Subrion CMS version 4.2.1, which stems from insufficient privilege control of the...

CVE-2025-56556

Subrion CMS 4.2.1 is affected. The issue arises from the Run SQL Query tool in the SQL Tool admin panel, where authenticated administrators or moderators can gain escalated privileges due to insufficient privilege checks in the SQL query context. The vulnerability affects the Run SQL Query functi...

ROS-20250828-04

A vulnerability in the Moodle virtual learning environment is related to insufficient cleanup of data provided by the by the user in the calendar event header when the event is deleted. Exploitation of the vulnerability could allow A remote attacker to perform cross-site scripting attacks A...

Linux Distros Unpatched Vulnerability : CVE-2016-2045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HT...

CVE-2025-54790

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10...

CVE-2025-54790 Files: Potential for SQL Injection through File Browse and List Operations

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10...

UBUNTU-CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

BIT-MARIADB-MIN-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-31455

Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit 5c381cf added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would...

CVE-2024-53007

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...

CVE-2023-26021

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...

CVE-2023-41640

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...

CVE-2023-3197

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2023-2111

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...