CVE-2026-9617
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...
CVE-2026-9617 PostgreSQL Anonymizer: malicious column name allows SQL injection via anon.k_anonymity() function
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...
GHSA-49G7-2WW7-3VF5 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
Summary: The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module glances/exports/glances_duckdb/__init__.py was not included in this fix...
CVE-2025-56401
ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName...
EUVD-2025-198805
ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName...
PT-2025-47926
Name of the Vulnerable Software and Affected Versions: ZIRA Group WBRM version 7.0 Description: ZIRA Group WBRM version 7.0 is susceptible to a SQL Injection issue occurring in the referenceLookupsByTableNameAndColumnName function. The issue allows for potential manipulation of database queries...
CVE-2025-56401
Summary: CVE-2025-56401 affects ZIRA Group WBRM 7.0 with a SQL Injection vulnerability in the function referenceLookupsByTableNameAndColumnName. This is supported by Red Hat, EUVD/ENISA, NVD/CNNVD/CVELIST and other feeds, which consistently describe a SQL injection condition in that function. Imp...
Linux Distros Unpatched Vulnerability : CVE-2017-16082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2...
CVE-2024-23995
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container...
PT-2024-20223 · Unknown · Beekeeper Studio
Name of the Vulnerable Software and Affected Versions: Beekeeper Studio versions 4.1.13 and earlier Description: The issue allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container. This is a Cross Site Scripting (XSS) issue...
CVE-2024-24389
A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...
XunRuiCMS Security Vulnerability
XunRuiCloud Software Development XunRuiCMS XunRuiCMS is an open source content management system (CMS) from China's XunRuiCloud Software Development Company. A security vulnerability exists in XunRuiCMS v4.6.2 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability. An...
SUSE CVE-2011-2930
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...
SUSE CVE-2014-4986
Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled...