CVE-2021-47713 Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...
Denial Of Service (DoS)
Liferay Portal / Liferay DXP is vulnerable to Denial of Service (DoS). The vulnerability is due to the ComboServlet not enforcing limits on the number or size of files it combines, which allows a remote attacker to craft malicious URL query strings that generate extremely large responses...
CVE-2025-63604
A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...
EUVD-2004-1748
Malware in sbrugna...
EUVD-2021-14567
Malware in sbrugna...
EUVD-2019-5638
Malware in sbrugna...
EUVD-2019-5890
Malware in sbrugna...
EUVD-2022-29619
Malicious code in bioql PyPI...
Enhancing GraphQL Security by Detecting Malicious Queries Using Large Language Models, Sentence Transformers, and Convolutional Neural Networks
GraphQL's flexibility, while beneficial for efficient data fetching, introduces unique security vulnerabilities that traditional API security mechanisms often fail to address. Malicious GraphQL queries can exploit the language's dynamic nature, leading to denial-of-service attacks, data...
DAVSP: Safety Alignment for Large Vision-Language Models Via Deep Aligned Visual Safety Prompt
Large Vision-Language Models (LVLMs) have achieved impressive progress across various applications but remain vulnerable to malicious queries that exploit the visual modality. Existing alignment approaches typically fail to resist malicious queries while preserving utility on benign ones effectivel...
WordPress plugin Recover Abandoned Cart for WooCommerce SQL injection vulnerability
WordPress Recover Abandoned Cart for WooCommerce is a plugin designed to recover unfinished orders in WooCommerce. A SQL injection vulnerability exists in WordPress Recover Abandoned Cart for WooCommerce. The vulnerability stems from improper neutralization of special elements. An attacker can...
CVE-2021-27316
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter...
CVE-2021-27315
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter...
CVE-2019-14750
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...
CVE-2025-1386 Query smuggling in ch-go library
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2024-36673
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries...
Out Of Memory Error
org.elasticsearch:elasticsearch is vulnerable to Out of Memory Error. The vulnerability is due to unrestricted resource allocation in Elasticsearch, where there are no limits or throttling mechanisms in place to manage resource usage effectively. It allows malicious queries, such as those using...
SQL Injection
github.com/devtron-labs/devtron is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of user inputs in the CreateUser API /orchestrator/user, allowing authenticated users with minimal permissions to execute malicious SQL queries...
SQL Injection
github.com/lf-edge/ekuiper is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation in the Get method of sqlKvStore, which allows the execution of malicious SQL queries...
SQL Injection
parse-server is vulnerable to SQL Injection. The vulnerability is due to improper handling of user-supplied input when configured with the PostgreSQL database, allowing malicious SQL queries to be executed...