12 matches found
EUVD-2026-30932
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...
PT-2026-31120
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection. This issue affects OttoKit: from n/a through = 1.1.20...
CVE-2024-13149 SQLi in Arma Store's Armalife
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection. This issue affects Armalife: through 20250916. NOTE: The vendor did not inform abou...
The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the Thunderbird email client, are related to the lack of security measures for SQL query structures, allowing attackers to trigger a service failure.
The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the email client Thunderbird, are related to the lack of security measures for handling SQL query structures. Exploiting these vulnerabilities can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the sdnproxy module of the FortiAnalyzer security monitoring and event analysis tool, as well as the FortiManager device management software, allows a perpetrator to execute arbitrary code and gain increased privileges.
The vulnerability of the sdnproxy module of the FortiAnalyzer security monitoring and event analysis tool, as well as the FortiManager device management software, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...
Horizon Business Services Caterease security vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from improper neutralization of the u...
USN-6879-1: Virtuoso Open-Source Edition vulnerabilities
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626, CVE-2023-31627,...
WordPress plugin WP SMTP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
The vulnerability of the implementation of the “java.sql.ResultRow.refreshRow()” method in the JDBC driver (PgJDBC) allows a hacker to execute arbitrary code.
The vulnerability of the “java.sql.ResultRow.refreshRow” method implementation in the JDBC driver PgJDBC is related to the lack of security measures for handling SQL queries. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted SQL query remote...
USN-5501-1 python-django vulnerability
It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information...
PT-2022-13827 · Cnmaestro · Cnmaestro
Name of the Vulnerable Software and Affected Versions: On-Premise cnMaestro (affected versions not specified). Description: The issue concerns a pre-auth data exfiltration vulnerability due to improper neutralization of special elements used in an SQL command. This could allow an attacker to...
Buffer overflow
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including...