CVE-2025-9658

A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /xportalassembledesigner/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possibl...

python-pymysql: SQL injection if used with untrusted JSON input

A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escapedict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries...

PT-2024-38648 · Unknown · Easytest Online Test Platform

Name of the Vulnerable Software and Affected Versions: Easytest Online Test Platform versions 24E01 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the word parameter in the online dictionary function. This can potentially lead to...

SUSE CVE-2017-12960

There is a reachable assertion abort in the function dictrenamevar in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service...

DEBIAN-CVE-2017-12959

There is a reachable assertion abort in the function dictaddmrset in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack...