Lucene search
K

16 matches found

EUVD
EUVD
added 2026/06/09 10:38 p.m.12 views

EUVD-2026-35854

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013573 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a smb3: add smb3.1....

5.5AI score0.00206EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 12:14 a.m.1 views

GHSA-GPJ5-G38J-94V9 Drizzle ORM has SQL injection via improperly escaped SQL identifiers

Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...

7.5CVSS5.8AI score0.00392EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 11:14 p.m.3 views

CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...

8.2CVSS6AI score0.00419EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/30 3:30 p.m.9 views

EUVD-2022-55839

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...

5.9AI score0.00206EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2025/04/30 12:0 a.m.5 views

Protocol Dialects As Formal Patterns: a Composable Theory of Lingos -- Technical Report

Protocol dialects are methods for modifying protocols that provide light-weight security, especially against easy attacks that can lead to more serious ones. A lingo is a dialect's key security component by making attackers unable to "speak" the lingo. A lingo's "talk" changes all the time,...

7.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/08/10 9:9 a.m.26 views

ontariodialects.chass.utoronto.ca Cross Site Scripting vulnerability OBB-3573492

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
OpenVAS
OpenVAS
added 2022/12/04 12:0 a.m.12 views

Fedora: Security Advisory for librime (FEDORA-2022-18023b665f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.4CVSS5.5AI score0.00852EPSS
Exploits0References2
Fedora
Fedora
added 2022/12/03 2:3 a.m.27 views

[SECURITY] Fedora 37 Update: librime-1.7.3-3.fc37

Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...

5.4CVSS2.7AI score0.00852EPSS
Exploits0
Fedora
Fedora
added 2022/12/03 1:44 a.m.43 views

[SECURITY] Fedora 36 Update: librime-1.7.3-2.fc36

Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...

5.4CVSS2.7AI score0.00852EPSS
Exploits0
Veracode
Veracode
added 2019/06/24 8:24 a.m.17 views

SQL Injection

sequelize is vulnerable to sql injection attacks. The attacks are possible because the library does not properly escape the JSON path key provided by user using mariadb dialects in query-generator.js...

9.8CVSS9.4AI score0.01315EPSS
Exploits1References6Affected Software1
Fedora
Fedora
added 2018/10/10 9:55 p.m.60 views

[SECURITY] Fedora 27 Update: librime-1.2-18.fc27.1

Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...

5.5CVSS2.7AI score0.02034EPSS
Exploits1
Nmap
Nmap
added 2017/07/28 9:1 a.m.1879 views

smb-protocols NSE Script

Attempts to list the supported protocols and dialects of a SMB server. The script attempts to initiate a connection using the dialects: NT LM 0.12 SMBv1 2.0.2 SMBv2 2.1 SMBv2 3.0 SMBv3 3.0.2 SMBv3 3.1.1 SMBv3 Additionally if SMBv1 is found enabled, it will mark it as insecure. This script is the...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2017/07/28 9:1 a.m.2362 views

smb2-security-mode NSE Script

Determines the message signing configuration in SMBv2 servers for all supported dialects. The script sends a SMB2COMNEGOTIATE request for each SMB2/SMB3 dialect and parses the security mode field to determine the message signing configuration of the SMB server. References: Script Arguments...

10CVSS0.1AI score0.99448EPSS
Exploits33
Veracode
Veracode
added 2017/01/03 8:28 a.m.11 views

SQL Injection

knex is vulnerable to SQL injection. Column names are not properly escaped in database dialects, allowing attackers to craft a query to the host database and access private information...

7.7AI score
Exploits0
ThreatPost
ThreatPost
added 2014/06/18 12:55 p.m.7 views

Researchers Dissect Spammers' Economic Ecosystem

A profitable spam campaign has three key elements—a reliable email list, filter-busting content, and a botnet for distribution—and each has been individually dissected and understood. But in order to adequately protect users from spam, which thrives in an established economic ecosystem, researche...

0.1AI score
Exploits0References1
Rows per page
Query Builder