Lucene search
+L

4 matches found

euvd
euvd
added 2026/05/26 4:49 p.m.10 views

EUVD-2026-31893

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.01252EPSS
Exploits2References5
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.23 views

PT-2026-39290

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

7.6CVSS6.1AI score0.01252EPSS
Exploits2References8
ptsecurity
ptsecurity
added 2026/01/01 12:0 a.m.5 views

PT-2026-25849

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances, a system cross-platform monitoring tool, contains a SQL injection issue in the DuckDB export module. The TimescaleDB export module was previously fixed for SQL injection by using parameteriz...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References24
github
github
added 2024/05/15 6:42 p.m.14 views

Doctrine DBAL SQL injection possibility

The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier or Doctrine::quoteIdentifier please upgrade immediately. The ORM...

7.2AI score
Exploits0References3Affected Software1
Rows per page
Query Builder