66 matches found
GHSA-8G29-8XWR-QMHR @grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling
Impact: JSON.parse(env.adapterConfig) is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...
EUVD-2009-1991
Malware in sbrugna...
EUVD-2019-10499
Malware in sbrugna...
EUVD-2016-4514
Malware in sbrugna...
EUVD-2019-10381
Malware in sbrugna...
EUVD-2024-50261
Malicious code in bioql PyPI...
EUVD-2023-36924
Malicious code in bioql PyPI...
EUVD-2025-2659
Malicious code in bioql PyPI...
EUVD-2025-21386
Malicious code in bioql PyPI...
EUVD-2023-0106
Malicious code in bioql PyPI...
EUVD-2025-21528
Malicious code in bioql PyPI...
CVE-2025-42929
CVE-2025-42929 describes a missing input validation vulnerability in SAP Landscape Transformation Replication Server (ABAP reports). The root cause is insufficient input validation in a component handling ABAP reports, allowing a high-privilege attacker to delete the content of arbitrary database...
CVE-2025-42929 Missing input validation vulnerability in SAP Landscape Transformation Replication Server
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database...
CVE-2025-42916 Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on...
CVE-2025-42916
CVE-2025-42916 concerns a missing input validation in SAP S/4HANA/ABAP reports that could allow an attacker with high privileges to delete contents of arbitrary database tables not protected by an authorization group. The impact is high on integrity and availability with no confidentiality impact...
WeGIA Security Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.4.10, which stems from an SQL injection in the idfuncionario parameter in the /html/funcionario/dependenteremover.php endpoint, which could lea...
CVE-2025-54062 WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the /html/funcionario/profile_dependente.php endpoint, specifically in the id_dependente parameter. This vulnerability...
CVE-2025-53639
MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. Th...