45 matches found
CVE-2026-4317
CVE-2026-4317 describes an SQL injection in the Umami Software web application where an improperly sanitized timezone parameter is interpolated directly into SQL queries (potentially via prisma.rawQuery/prisma.$queryRawUnsafe or raw queries with ClickHouse). This authenticated-access vulnerabilit...
PT-2026-27185
Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: AVideo is an open source video platform. The objects/pluginRunDatabaseScript.json.php API endpoint accepts a name parameter via POST and passes it to the Plugin::getDatabaseFileName function...
GHSA-J7WH-X834-P3R7 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API
Summary: SiYuan Note v3.6.0 and likely prior versions contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlying SQLite database...
CVE-2025-26385
Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects Metasys: Application and Data Server (ADS) installed...
Multiple Johnson Controls Metasys products have security vulnerabilities
Johnson Controls Metasys is a building automation platform developed by Johnson Controls, a company based in the United States. Several products of Johnson Controls Metasys have security vulnerabilities, which stem from improper handling of special elements in commands, potentially leading to...
CVE-2022-37787
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...
Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution
Vulnerability description not provided...
EUVD-2019-16073
Malware in sbrugna...
EUVD-2021-24041
Malware in sbrugna...
EUVD-2022-51298
Malicious code in bioql PyPI...
EUVD-2022-51300
Malicious code in bioql PyPI...
EUVD-2025-11446
Malicious code in bioql PyPI...
EUVD-2022-51285
Malicious code in bioql PyPI...
EUVD-2022-51291
Malicious code in bioql PyPI...
EUVD-2025-11385
Malicious code in bioql PyPI...
EUVD-2022-51292
Malicious code in bioql PyPI...
CVE-2025-52914
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...
CVE-2025-32832
CVE-2025-32832 affects Siemens TeleControl Server Basic (versions
PHPGurukul Restaurant Table Booking System Security Vulnerability
Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System has a SQL injection vulnerability caused by improper handling of the username parameter in the /admin/checkavailability.php file. An...
CVE-2022-48593
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...