11 matches found
EUVD-2019-0645
Malware in sbrugna...
CVE-2019-15658
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...
SQL Injection
Overview: Versions of connect-pg-simple are vulnerable to SQL Injection. The PGStore.prototype.quotedTable function allows for the query to be manipulated if the input has double quotes through the schemaName or tableName variables. These variables are passed to the constructor and are unlikely to...
connect-pg-simple SQL Injection Vulnerability
connect-pg-simple is a PostgreSQL session store module. A SQL injection vulnerability exists in connect-pg-simple versions prior to 6.0.1, which can be exploited by an attacker to execute illegal SQL commands...
SQL Injection
connect-pg-simple is vulnerable to SQL injection. SQL queries with schemaName or tableName are not sanitized, allowing an attacker to inject and execute malicious SQL...
CVE-2019-15658
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...
CVE-2019-15658
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...
SQL Injection
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...
CVE-2019-15658
The CVE-2019-15658 entry concerns the npm package connect-pg-simple (PostgreSQL session store). Affected versions prior to 6.0.1 are vulnerable to SQL injection when tableName or schemaName are untrusted inputs. The root cause is in PGStore.prototype.quotedTable, which uses those variables to bui...
CVE-2019-15658
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data...
GHSA-XQH8-5J36-4556 SQL Injection in connect-pg-simple
Impact: An unlikely SQL injection in the case of an unsanitized table name input. Patches: The user should upgrade to 6.0.1. Due to its low impact, a backport has not been made to the 5.x branch. Workarounds: If there is no likelihood that the tableName or schemaName options sent to the constructor...