3 matches found
CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API
SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...
CVE-2021-38706
messagesload.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...