CVE-2026-49344

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

CVE-2026-44744 SQL Injection vulnerability in SAP S/4HANA

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

CVE-2026-44744

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

CVE-2026-40459

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...

CVE-2026-40459 LDAP Injection in PAC4J

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...

Velociraptor 安全漏洞

Velociraptor is an open-source tool developed by Velocidex, designed for querying and collecting host-based status information using the Velociraptor Query Language VQL. Versions of Velociraptor prior to 0.76.3 contained security vulnerabilities. These vulnerabilities stemmed from the query plugi...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities, which stemmed from lack of access control mechanisms, potentially allowing unauthorized queries to occur...

PT-2026-2479

Name of the Vulnerable Software and Affected Versions Fortinet FortiClientEMS versions 7.0 through 7.4.4 Fortinet FortiClientEMS versions 7.2.0 through 7.2.10 Fortinet FortiClientEMS versions 7.4.0 through 7.4.1 Fortinet FortiClientEMS versions 7.4.3 through 7.4.4 Description An improper...

EUVD-2019-13904

Malware in sbrugna...

EUVD-2022-5489

Malicious code in bioql PyPI...

Code-Projects Online Bidding System SQL注入漏洞

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from insufficient validation of the parameter ID in the file /administrator/weweee.php. An attacker can use this vulnerability to obtain sensitive information from t...

Modern Bag category-list.php file SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idCate in file /admin/category-list.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...

Modern Bag login-back.php File SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter user-name in file /admin/login-back.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...

CVE-2022-23513

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

CVE-2023-48645

An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...

CVE-2023-32672 Apache Superset: SQL parser edge case bypasses data access authorization

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability...

PT-2023-20349 · Esri · Arcgis Enterprise Server

Name of the Vulnerable Software and Affected Versions: ArcGIS Enterprise Server versions 11.0 and below Description: The issue allows a remote, unauthorized attacker to submit a crafted query, potentially resulting in a low severity information disclosure. The disclosed information is limited to ...

ScienceLogic SL1 SQL注入漏洞

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...

Code injection

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...

Sql injection

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through...