Securing Cloud Databases: Best Practices with ClickHouse and Wiz
How to protect sensitive data in cloud-hosted databases with built-in security controls, best practices, and continuous risk monitoring...
CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
PostgreSQL SQLi Vulnerability (Feb 2025) - Windows
PostgreSQL is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql...
PostgreSQL SQLi Vulnerability (Feb 2025) - Linux
PostgreSQL is prone to an SQL injection (SQLi) vulnerability...
Managed Databases as Code Using Terraform
...
EulerOS 2.0 SP11 : dhcp (EulerOS-SA-2025-1133)
According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2021-37698
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate...
BIT-SUPERSET-2024-55633 Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases, an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non-Postgres analytics database connections and...
Malicious code in ilovenyxx (PyPI)
The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...
PT-2024-9601 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 4.1.0 Description: The issue is related to improper authorization in Apache Superset, specifically affecting Postgres analytic databases. An attacker with access to SQLLab can craft a specially designed SQL D...
MAL-2024-11552 Malicious code in ccl-leveldbases (PyPI)
8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk
Cybersecurity researchers at Varonis have identified a serious security vulnerability in PostgreSQL that could lead to data breaches...
Exploit for CVE-2024-32640
CVE-2024-32640 MySQL Blind SQL Injection Proof of Concept Thi...
Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft (United States) that runs on Microsoft Windows. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...
MGASA-2024-0342 Updated bind packages fix security vulnerabilities
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. CVE-2024-0760 Resolver caches and authoritative zone databases that...
CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...
CyberPanel Security Vulnerability
CyberPanel is a web hosting control panel with built-in DNS and email servers by Usman Nasir, an individual developer. CyberPanel has a security vulnerability that originates from upgrademysqlstatus in databases/views.py and allows remote attackers to bypass authentication and execute arbitrary...
CVE-2024-51567
CVE-2024-51567 = CyberPanel pre-auth remote code execution via the upgrademysqlstatus endpoint. Affected CyberPanel builds (through 2.3.6 and unpatched 2.3.7) allow attackers to bypass secMiddleware protecting POST requests and inject commands using shell metacharacters in the statusfile paramete...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2765)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...