934 matches found
EUVD-2015-0299
Malicious code in bioql PyPI...
EUVD-2025-27276
Malicious code in bioql PyPI...
EUVD-2021-31791
Malicious code in bioql PyPI...
SUSE CVE-2025-59431
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
CVE-2025-57396
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escala...
CVE-2025-57396
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escala...
DEBIAN-CVE-2025-59431
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
UBUNTU-CVE-2025-59431
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
PT-2025-38619
Name of the Vulnerable Software and Affected Versions MapServer versions prior to 8.4.1 Description MapServer, a system for developing web-based GIS applications, contains a flaw in the XML Filter Query directive PropertyName. The PropertyName directive is susceptible to Boolean-based SQL injecti...
Mapserver SQL注入漏洞
Mapserver is the Open Source Geospatial Osgeo Foundation's suite of open source platforms for publishing spatial data and interactive map applications to the Web. A SQL injection vulnerability exists in Mapserver versions prior to 8.4.1, which stems from a Boolean SQL injection in the XML Filter...
CVE-2025-57396
CVE-2025-57396 affects Tandoor Recipes 2.0.0-alpha-1. The vulnerability arises from the User Profile API Endpoint, which contains two boolean values indicating whether a user is staff or administrative. This misconfiguration allows any user to escalate privileges to the highest level. The issue i...
CVE-2025-8311
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
CVE-2025-8311
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
drm/amd/display: Increase array size of dummy_boolean
...
Linux Distros Unpatched Vulnerability : CVE-2018-20200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean valu...
GHSA-RFH2-8VXQ-JQR8 NodeBB SQL Injection vulnerability
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
CVE-2025-50979
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...
CVE-2025-50984
diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...