CVE-2026-33084

DataEase (open-source) has a SQL injection in versions ≤ 2.10.20 via the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service passes the user-supplied sort value to the sorting metadata DTO, which is then incorporated into the SQL ORDER BY clause in Order...

CVE-2026-33084 DataEase has SQL Injection through its getFieldEnumObj Endpoint

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

EUVD-2025-25649

Malicious code in bioql PyPI...

CVE-2025-9391

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVE-2025-9391

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...

WordPress Gravity Forms Plugin < 2.7.4 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediaburst:gravityforms"; if description...

PT-2024-40732 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the involvement of pcpp::TelnetLayer::getFieldLen an...

AZL-10441 CVE-2022-34526 affecting package libtiff for versions less than 4.4.0-3

A stack overflow was discovered in the TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities...

CVE-2020-10911

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

UBUNTU-CVE-2016-7449

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service out-of-bounds heap read via a file containing an "unterminated" string...

DEBIAN-CVE-2016-5318

Stack-based buffer overflow in the TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff...

OpenCart <= 1.5.6.1 - (openbay) Multiple SQL Injection

No description provided by source. Exploit Title : OpenCart = 1.5.6.1 SQL Injection Date : 2014/3/26 Exploit Author : Saadat Ullah ? [email protected] Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com...

OpenCart 1.5.6.1 SQL Injection

Exploit Title : OpenCart log'getEbayItemId - Product ID: '.$productid; $qry = $this-db-query"SELECT ebayitemid FROM " . DBPREFIX . "ebaylisting WHERE productid = '".$productid."' AND status = '1' LIMIT 1"; .............. Function is called on many locations and paramter is passed without santize...