
1301 matches found

RedHat Linux
added 2026/05/07 5:9 p.m. | 16 views

Django: Django: SQL Injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

CVSS: 8.3 | AI score: 7.5 | EPSS: 0.00754
Exploits: 0 | References: 7

Cvelist
added 2026/05/07 1:57 p.m. | 39 views

CVE-2026-44349 Daptin fuzzy search injects unvalidated column name into raw SQL

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?", prefix+col)) raw SQL with no...

CVSS: 7.1 | EPSS: 0.00305
Exploits: 0 | References: 2

CVE
added 2026/05/07 1:57 p.m. | 17 views

CVE-2026-44349

Daptin CVE-2026-44349: The fuzzy search path on /api/ accepts a user-supplied column list and interpolates it into raw SQL without a column whitelist, enabling an authenticated user to read the entire database on vulnerable versions. Affected component: processFuzzySearch in server/resource/resou...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00305
Exploits: 0 | References: 2

Snyk
added 2026/05/06 10:10 p.m. | 6 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the processFuzzySearch function. An attacker can access and extract the entire database contents by supplying crafted input to the column parameter in the HTTP API, which is directly interpolated into raw SQL statement...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00305
Exploits: 0 | References: 2

Github Security Blog
added 2026/05/06 10:10 p.m. | 11 views

Daptin fuzzy search injects unvalidated column name into raw SQL

Summary: processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?", prefix+col)) raw SQL with no column whitelist check. The entry point is GET /api/ with...

CVSS: 7.1 | AI score: 6.1 | EPSS: 0.00305
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/05/06 10:10 p.m. | 6 views

GHSA-PWQG-Q8PG-PP6R Daptin fuzzy search injects unvalidated column name into raw SQL

Summary: processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?", prefix+col)) raw SQL with no column whitelist check. The entry point is GET /api/ with...

CVSS: 7.1 | AI score: 6.1 | EPSS: 0.00305
Exploits: 0 | References: 4

RustSec
added 2026/05/02 12:0 p.m. | 10 views

Buffer overflow in `Clusterings::from_i32_column_major_order()`

The from_i32_column_major_order method can create inconsistent internal state. When labels length and nitems mismatch, nclusterings becomes labels.len / nitems truncated, but subsequent calls to label use indices that exceed the internal data bounds, causing a buffer overflow. For example,...

AI score: 6
Exploits: 0 | Affected Software: 1

OSV
added 2026/05/02 12:0 p.m. | 5 views

RUSTSEC-2026-0129 Buffer overflow in `Clusterings::from_i32_column_major_order()`

The from_i32_column_major_order method can create inconsistent internal state. When labels length and nitems mismatch, nclusterings becomes labels.len / nitems truncated, but subsequent calls to label use indices that exceed the internal data bounds, causing a buffer overflow. For example,...

AI score: 6
Exploits: 0 | References: 3

OSV
added 2026/04/29 6:59 a.m. | 9 views

CLSA-2026-1777444367 vim: Fix of 9 CVEs

CVE-2021-3903: do not set VALID_BOTLINE in w_valid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in ex_open so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0145
Exploits: 8 | References: 1

CloudLinux
added 2026/04/25 8:48 a.m. | 9 views

mysql: Fix of CVE-2019-2627

CVE-2019-2627: fix crash when mysql.user table has missing password column...

CVSS: 4.9 | AI score: 6.2 | EPSS: 0.0301
Exploits: 0

OSV
added 2026/04/25 8:48 a.m. | 11 views

CLSA-2026-1776937700 mysql: Fix of CVE-2019-2627

CVE-2019-2627: fix crash when mysql.user table has missing password column...

CVSS: 4.9 | AI score: 6.9 | EPSS: 0.0301
Exploits: 0 | References: 1

OSV
added 2026/04/24 3:57 p.m. | 5 views

GHSA-38C5-483C-4QQP Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Summary: An integer overflow in Grid::expand_rows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke get_unchecked with an invalid index, resulting in Undefined Behavior. Details: Tested...

CVSS: 6.2 | AI score: 5.4 | EPSS: 0.00132
Exploits: 0 | References: 5

Github Security Blog
added 2026/04/24 3:57 p.m. | 14 views

Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Summary: An integer overflow in Grid::expand_rows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke get_unchecked with an invalid index, resulting in Undefined Behavior. Details: Tested...

CVSS: 6.2 | AI score: 5.3 | EPSS: 0.00132
Exploits: 0 | References: 5 | Affected Software: 1

Snyk
added 2026/04/23 2:12 p.m. | 5 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the query construction in the TSDB access code. An attacker can execute arbitrary TSDB queries by supplying crafted starttime, endtime, or column/table-related values that are interpolated directly into SQL strings. Th...

CVSS: 9.6 | AI score: 6.2 | EPSS: 0.00323
Exploits: 1 | References: 2

OSV
added 2026/04/22 5:40 p.m. | 6 views

CLSA-2026-1776879643 mysql: Fix of CVE-2019-2627

CVE-2019-2627: fix crash when mysql.user table has missing password column...

CVSS: 4.9 | AI score: 6.9 | EPSS: 0.0301
Exploits: 0 | References: 1

Github Security Blog
added 2026/04/22 5:38 p.m. | 7 views

Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API

Summary: The /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed authenticated users with any valid session to inject arbitrary S...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00345
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/04/22 1:22 a.m. | 6 views

CVE-2026-5721

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput method of the...

CVSS: 4.7 | AI score: 5.9 | EPSS: 0.00272
Exploits: 0 | References: 1

OSV
added 2026/04/21 11:51 a.m. | 5 views

CLSA-2025-1754337993 sqlite: Fix of CVE-2025-6965

CVE-2025-6965: fix memory corruption issue caused by a query where the number of aggregate terms could exceed the number of columns available...

CVSS: 7.7 | AI score: 7 | EPSS: 0.73495
Exploits: 3 | References: 1

OSV
added 2026/04/21 11:46 a.m. | 8 views

CLSA-2025-1754336638 sqlite: Fix of CVE-2025-6965

CVE-2025-6965: fix memory corruption issue caused by a query where the number of aggregate terms could exceed the number of columns available...

CVSS: 7.7 | AI score: 7.2 | EPSS: 0.73495
Exploits: 3 | References: 1

GithubExploit
added 2026/04/21 9:36 a.m. | 191 views

SQLi

SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...

CVSS: 9 | AI score: 7.3 | EPSS: 0.91877
Exploits: 17