89 matches found
PYSEC-2026-752 Out of bounds read in Tensorflow
Impact The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef is then converted to MLIR-based IR then they can...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cifs: fixed a small mempool leak in SMB2negotiate. In some cases of failures dialect mismatches in SMB2negotiate, after the request is sent, the checks would return -EIO. Instead, it should return rc = -EIO and then jump to negex...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...
Untrusted Search Path
Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDialect, which is included in the public schema. A low-privileged user can elevate privileges ...
CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed the error in the length of the VALIDATENEGOTIATEINFO message. The commit code is d5c7076b772a “smb3: added “smb3.1.1” to the default dialect list”. The number of dialects was extended from 3 to 4. However, it was...
com.drobisch:flink-connector-elasticsearch-e2e-tests-common (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant), com.drobisch:flink-connector-elasticsearch6-e2e-tests (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant) +25 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.0.0 <=2.0.1)
org.apache.flink:flink-table-api-java MAVEN version =2.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =26.0.0, =0.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799798...
SQL Injection
Overview drizzle-orm is a Drizzle ORM package for SQL databases Affected versions of this package are vulnerable to SQL Injection through the escapeName handling in the PostgreSQL, SQLite, and SingleStore dialects. An attacker can inject arbitrary SQL by supplying a malicious identifier to...
Drizzle ORM has SQL injection via improperly escaped SQL identifiers
Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...
CVE-2026-32763
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...
PT-2026-26762
Name of the Vulnerable Software and Affected Versions Kysely versions prior to 0.28.14 Description Kysely's DefaultQueryCompiler.sanitizeStringLiteral function inadequately escapes backslashes when handling string literals. Specifically, it only doubles single quotes but does not address...
CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...
GHSA-WMRF-HV6W-MR66 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...
quantguard (>=0.1.37 <=0.1.38), superset-sqlalchemy-gizmosql-adbc-dialect (>=0.0.3 <=0.0.9) potentially affected by CVE-2026-23984 via apache-superset (>=4.1.4 <=5.0.0)
apache-superset PYPI version =4.1.4, =0.1.37, =0.0.3, =0.0.9 Source cves: CVE-2026-23984 Source advisory: OSV:GHSA-MWF2-QR4V-94H2...
quantguard (>=0.1.37 <=0.1.38), superset-sqlalchemy-gizmosql-adbc-dialect (>=0.0.3 <=0.0.9) potentially affected by CVE-2026-23980 via apache-superset (>=4.1.4 <=5.0.0)
apache-superset PYPI version =4.1.4, =0.1.37, =0.0.3, =0.0.9 Source cves: CVE-2026-23980 Source advisory: OSV:GHSA-GVXG-9HQX-F4RG...
quantguard (>=0.1.37 <=0.1.38), superset-sqlalchemy-gizmosql-adbc-dialect (>=0.0.3 <=0.0.9) potentially affected by CVE-2026-23982 via apache-superset (>=4.1.4 <=5.0.0)
apache-superset PYPI version =4.1.4, =0.1.37, =0.0.3, =0.0.9 Source cves: CVE-2026-23982 Source advisory: OSV:GHSA-3M2G-V7JF-7FXC...
quantguard (>=0.1.37 <=0.1.38), superset-sqlalchemy-gizmosql-adbc-dialect (>=0.0.3 <=0.0.9) potentially affected by CVE-2026-23983 via apache-superset (>=4.1.4 <=5.0.0)
apache-superset PYPI version =4.1.4, =0.1.37, =0.0.3, =0.0.9 Source cves: CVE-2026-23983 Source advisory: OSV:GHSA-H294-8FXM-M2PJ...
CakePHP 5.3.2 Released
CakePHP 5.3.2 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.2. This is a maintenance release for the 5.3 branch that fixes community reported issues, regressions and a security issue with PaginatorHelper. Bugfixes You can expect the following change...
CVE-2022-50859
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...
EUVD-2019-10984
Malware in sbrugna...