233 matches found
IBM BigFix Platform - Information Disclosure
IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...
EUVD-2026-42838
Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...
Progress MOVEit Transfer < 2025.0.8 / 2025.1.0 < 2025.1.4 / 2026.0.0 < 2026.0.1 Multiple Vulnerabilities
The version of Progress MOVEit Transfer installed on the remote host is prior to 2025.0.8, 2025.1.x prior to 2025.1.4, or 2026.0.x prior to 2026.0.1. It is, therefore, affected by multiple vulnerabilities: - Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress...
CVE-2026-8649
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...
CVE-2026-8649 Institution scope bypass vulnerability in custom reports
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...
CVE-2026-8649
Summary of CVE-2026-8649 : An instance of Improper Neutralization of Special Elements in Data Query Logic affects MOVEit Transfer (Custom Reports modules). The issue impacts MOVEit Transfer versions prior to 2025.0.7 and from 2025.1.0 up to before 2025.1.3. The CVSS vectors indicate a high-severi...
CVE-2026-10698
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...
EUVD-2026-42278
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...
CVE-2026-10698 Table scope bypass vulnerability in custom reports
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...
GO-2026-5837 Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query in github.com/dgraph-io/dgraph
Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query in github.com/dgraph-io/dgraph...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...
Improper Neutralization of Special Elements in Data Query Logic
Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the enrichContext process. An attacker can access and modify all documents in connected NoSQL databases by injecting crafted...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...
CVE-2026-6626
A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...
CVE-2026-1352
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...
CVE-2025-14688
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...
EUVD-2026-32280
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...
CVE-2026-3676
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...