Lucene search
+L

2129 matches found

CVE
CVE
added 7 hours ago6 views

CVE-2024-58370

SurrealDB before 1.1.0 is affected: the parser does not enforce recursion depth limits for nested SurrealQL statements (including IF, RELATE, and attribute access). This allows an attacker to submit queries with excessive nesting, potentially causing a stack overflow and server crash. Affected pr...

7.1CVSS5.3AI score
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-52887

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.0.61, NocoBase @nocobase/plugin-notification-in-app-message exposed GET /api/myInAppChannels:list, where the filterlatestMsgReceiveTimestamp$lt value was inserted into a...

10CVSS0.00593EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-57791

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 10:16 p.m.7 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 9:15 p.m.16 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 9:15 p.m.43 views

CVE-2026-54704 OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54844

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...

6.5CVSS6AI score0.00224EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 11:19 a.m.8 views

EUVD-2026-40292

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated...

9.3CVSS6.2AI score0.00399EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-489 SQLAlchemyDA unauthenticated arbitrary SQL query execution

Impact The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected. Patches The problem has been patched in version 2.2. Workarounds There is no workaround. All users are urged to upgrade to versi...

9.8CVSS6.1AI score0.00881EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/24 3:36 p.m.8 views

CVE-2025-61027

A flaw was found in openlink virtuoso-opensource. An attacker can exploit this vulnerability by sending specially crafted SQL statements to the tsetpush component. This can lead to a Denial of Service DoS, making the system unavailable to legitimate users...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 3:19 p.m.8 views

CVE-2025-61023

A flaw was found in virtuoso-opensource. An attacker could exploit a vulnerability in the stcompare component by sending specially crafted SQL statements. This could lead to a Denial of Service DoS, making the service unavailable to legitimate users...

7.5CVSS5.8AI score0.00482EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.8 views

CVE-2025-61028

A flaw was found in the virtuoso-opensource component. An attacker could exploit this vulnerability by sending specially crafted SQL statements, leading to a Denial of Service DoS condition. This could make the affected system unavailable to legitimate users...

7.5CVSS5.9AI score0.00482EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 1:55 a.m.14 views

CVE-2025-61022

A flaw was found in openlink virtuoso-opensource. This issue, specifically within the sqlotbcolpreds component, allows attackers to cause a Denial of Service DoS by sending specially crafted SQL statements. This can lead to the unavailability of the service...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-61025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS6AI score0.0035EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 6:31 p.m.10 views

EUVD-2025-210323

An issue in the sqlotryinloop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 6:31 p.m.9 views

EUVD-2025-210324

An issue in the sqlountry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 6:31 p.m.7 views

EUVD-2025-210320

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 6:31 p.m.10 views

EUVD-2025-210317

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 6:31 p.m.11 views

EUVD-2025-210321

An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 6:31 p.m.8 views

EUVD-2025-210313

An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.00482EPSS
Exploits0References2
Rows per page
Query Builder