12 matches found
CVE-2026-46624
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...
Astra Linux – Vulnerability in Zabbix
A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...
ERPNEXT group_by parameter SQL Injection Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the orderby and groupby parameters against externally entered SQL statements. An attacker can exploit this vulnerability...
CVE-2025-56381
ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the orderby and groupby parameters...
PT-2025-40354
Name of the Vulnerable Software and Affected Versions ERPNEXT version 15.67.0 Description The software contains multiple SQL injection flaws in the /api/method/frappe.desk.reportview.get API endpoint. The order by and group by parameters are susceptible to exploitation. Recommendations Apply...
CVE-2025-56381
ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the orderby and groupby parameters...
Linux Distros Unpatched Vulnerability : CVE-2024-36465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands...
DEBIAN-CVE-2024-36465
A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...
OESA-2021-1274 python-sqlalchemy security update
SQLAlchemy is an Object Relational Mapper ORM that provides a flexible, high-level interface to SQL databases. It contains a powerful mapping layer that users can choose to work as automatically or as manually, determining relationships based on foreign keys or to bridge the gap between database...
python-sqlalchemy: SQL Injection when the group_by parameter can be controlled
SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...
GHSA-38FC-9XQV-7F7Q SQLAlchemy is vulnerable to SQL Injection via group_by parameter
SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...
DEBIAN-CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...