1301 matches found
Django: Django: SQL Injection via crafted column aliases
A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...
CVE-2026-44349 Daptin fuzzy search injects unvalidated column name into raw SQL
Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...
CVE-2026-44349
Daptin CVE-2026-44349: The fuzzy search path on /api/ accepts a user-supplied column list and interpolates it into raw SQL without a column whitelist, enabling an authenticated user to read the entire database on vulnerable versions. Affected component: processFuzzySearch in server/resource/resou...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the processFuzzySearch function. An attacker can access and extract the entire database contents by supplying crafted input to the column parameter in the HTTP API, which is directly interpolated into raw SQL statement...
Daptin fuzzy search injects unvalidated column name into raw SQL
Summary processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no column whitelist check. The entry point is GET /api/ with...
GHSA-PWQG-Q8PG-PP6R Daptin fuzzy search injects unvalidated column name into raw SQL
Summary processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no column whitelist check. The entry point is GET /api/ with...
Buffer overflow in `Clusterings::from_i32_column_major_order()`
The fromi32columnmajororder method can create inconsistent internal state. When labels length and nitems mismatch, nclusterings becomes labels.len / nitems truncated, but subsequent calls to label use indices that exceed the internal data bounds, causing a buffer overflow. For example,...
RUSTSEC-2026-0129 Buffer overflow in `Clusterings::from_i32_column_major_order()`
The fromi32columnmajororder method can create inconsistent internal state. When labels length and nitems mismatch, nclusterings becomes labels.len / nitems truncated, but subsequent calls to label use indices that exceed the internal data bounds, causing a buffer overflow. For example,...
CLSA-2026-1777444367 vim: Fix of 9 CVEs
CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...
mysql: Fix of CVE-2019-2627
CVE-2019-2627: fix crash when mysql.user table has missing password column...
CLSA-2026-1776937700 mysql: Fix of CVE-2019-2627
CVE-2019-2627: fix crash when mysql.user table has missing password column...
GHSA-38C5-483C-4QQP Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Summary An integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked with an invalid index, resulting in Undefined Behavior. Details Tested...
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Summary An integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked with an invalid index, resulting in Undefined Behavior. Details Tested...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the query construction in the TSDB access code. An attacker can execute arbitrary TSDB queries by supplying crafted starttime, endtime, or column/table-related values that are interpolated directly into SQL strings. Th...
CLSA-2026-1776879643 mysql: Fix of CVE-2019-2627
CVE-2019-2627: fix crash when mysql.user table has missing password column...
Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API
Summary The /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed authenticated users with any valid session to inject arbitrary S...
CVE-2026-5721
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput method of the...
CLSA-2025-1754337993 sqlite: Fix of CVE-2025-6965
CVE-2025-6965: fix memory corruption issue caused by a query where the number of aggregate terms could exceed the number of columns available...
CLSA-2025-1754336638 sqlite: Fix of CVE-2025-6965
CVE-2025-6965: fix memory corruption issue caused by a query where the number of aggregate terms could exceed the number of columns available...
SQLi
SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...