25 matches found
CVE-2026-35442
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions min, max applied to fields with the conceal special type incorrectly return raw database values instead of the masked placeholder. When combined with groupBy, any authenticated...
CVE-2026-35442
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions min, max applied to fields with the conceal special type incorrectly return raw database values instead of the masked placeholder. When combined with groupBy, any authenticated...
PT-2026-30332
Name of the Vulnerable Software and Affected Versions Directus affected versions not specified Description Aggregate functions min, max applied to fields with the conceal special type incorrectly return raw database values instead of the masked placeholder. When combined with groupBy, any...
GHSA-XXH2-68G9-8JQR ormar is vulnerable to SQL Injection through aggregate functions min() and max()
Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief description When performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly int...
ormar is vulnerable to SQL Injection through aggregate functions min() and max()
Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief description When performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly int...
EUVD-2006-5525
Malware in sbrugna...
EUVD-2023-58142
Malicious code in bioql PyPI...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
Postgresql: memory disclosure in aggregate function calls
...
AZL-32106 CVE-2023-5868 affecting package postgresql for versions less than 14.10-1
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
postgresql: Memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...