CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

CVE-2026-33133

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

PT-2026-26604

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 18.6.6,...

EUVD-2021-29362

Malicious code in bioql PyPI...

PT-2023-8167 · Voltronic Power · Voltronic Power Viewpower

Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower Pro affected versions not specified Description: The issue is related to the selectDeviceListBy method of the Voltronic Power ViewPower Pro software, which does not properly validate user-supplied input for SQL...

CVE-2022-30331

The User-Defined Functions UDF feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...

Pimcore SQL注入漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...

CSZ CMS SQL注入漏洞

CSZ CMS is a PHP-based open source content management system CMS. cszcmsadminMembersviewUsers version 1.2.2 contains a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements and can be exploited by attackers to execute illegal SQL commands t...

WordPress WordPress 10Web Photo Gallery Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.10Web Photo Gallery plugin is an image management plugin used in it. A SQL injection vulnerability exists in WordPress 10Web...

Portainer Access Restriction Bypass and Server-Side Request Forgery Vulnerabilities

Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A security vulnerability exists in Portainer versions prior to 1.18.0 that stems from the program's support for requests with unvalidated id query parameters. A remote attacker could use this...