
58 matches found

NVD
added 2026/05/06 6:16 p.m., 2 views

CVE-2026-29090

Summary: A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create_postgres_query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

CVSS: 9, EPSS: 0.00048
Exploits: 0, References: 1
CVE
added 2026/05/06 5:21 p.m., 6 views

CVE-2026-29090

Rucio contains a SQL injection in FilterEngine.create_postgres_query() when the postgres_meta metadata plugin is configured. Attacker-controlled filter keys/values are interpolated into raw SQL via Python .format() and passed to psycopg3.sql.SQL(), enabling arbitrary SQL against the PostgreSQL me...

CVSS: 9, AI score: 6.4, EPSS: 0.00048
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/05/06 5:21 p.m., 31 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

Summary: A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create_postgres_query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

CVSS: 9, EPSS: 0.00048
Exploits: 0, References: 1
Github Security Blog
added 2026/05/06 4:44 p.m., 4 views

Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary: A SQL injection vulnerability in FilterEngine.create_postgres_query allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgres_meta is...

CVSS: 9, AI score: 6.8, EPSS: 0.00048
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/05/06 4:44 p.m., 8 views

SQL Injection

Overview: rucio is a Rucio Package. Affected versions of this package are vulnerable to SQL Injection via the create_postgres_query function when attacker-controlled filter keys and values are interpolated directly into raw SQL statements through the DID search endpoint. An attacker can execute...

CVSS: 9.9, AI score: 6.7, EPSS: 0.00048
Exploits: 0, References: 2
Snyk
added 2026/05/06 4:42 p.m., 7 views

SQL Injection

Overview: rucio is a Rucio Package. Affected versions of this package are vulnerable to SQL Injection in the create_sqla_query function when processing filter keys and values in Oracle database backends using the default json_meta metadata plugin configuration. An attacker can execute arbitrary SQL...

CVSS: 9.9, AI score: 6.7, EPSS: 0.00048
Exploits: 0, References: 2
Positive Technologies
added 2026/05/06 12:00 a.m., 5 views

PT-2026-38087

Summary: A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create_postgres_query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search...

CVSS: 9, AI score: 6.4, EPSS: 0.00048
Exploits: 0, References: 2
RedhatCVE
added 2026/01/09 10:44 a.m., 5 views

CVE-2022-0376

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is...

CVSS: 4.8, AI score: 6, EPSS: 0.00282
Exploits: 2, References: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2012-0256

Malware in sbrugna...

CVSS: 4.3, AI score: 9.2, EPSS: 0.00467
Exploits: 0, References: 13
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-15527

Malicious code in bioql PyPI...

CVSS: 4.8, AI score: 5.1, EPSS: 0.00282
Exploits: 2, References: 1
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-49320

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 8.6, EPSS: 0.0007
Exploits: 0, References: 1
NVD
added 2025/09/11 8:15 a.m., 1 view

CVE-2025-9693

The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the postInsertUserProcess function in all versions up to, and including, 3.1.2. This makes it possible for authenticated...

CVSS: 8, EPSS: 0.00328
Exploits: 0, References: 2
CVE
added 2025/09/11 7:25 a.m., 14 views

CVE-2025-9693

CVE-2025-9693 covers the WordPress plugin User Meta – User Profile Builder and User management plugin with a vulnerability in postInsertUserProcess that allows an authenticated user (Subscriber or higher) to delete arbitrary files due to insufficient file path validation. Affected versions are al...

CVSS: 8, AI score: 6.9, EPSS: 0.00328
Exploits: 0, References: 2
Patchstack
added 2025/09/11 2:57 a.m., 4 views

WordPress User Meta – User Profile Builder and User management plugin plugin <= 3.1.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Kishan Vyas in WordPress Plugin User Meta versions <= 3.1.2...

CVSS: 8, AI score: 6.8, EPSS: 0.00328
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/09/11 12:00 a.m., 1 view

WordPress plugin User Meta path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS: 8, AI score: 7.7, EPSS: 0.00328
Exploits: 0, References: 2
OSV
added 2025/07/08 5:04 a.m., 7 views

MAL-2025-5734 Malicious code in vite-meta-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38fbb013e3df2485e72ad722dfab14b0295214d9f631913350b0eec0d658469a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 5
OSSF Malicious Packages
added 2025/07/08 5:04 a.m., 3 views

Malicious code in vite-meta-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38fbb013e3df2485e72ad722dfab14b0295214d9f631913350b0eec0d658469a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 5
Vulnrichment
added 2025/05/23 12:43 p.m., 3 views

CVE-2025-47611 WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Khaled User Meta allows Reflected XSS. This issue affects User Meta: from n/a through 3.1.2...

CVSS: 7.1, AI score: 7, EPSS: 0.00185
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:31 a.m., 2 views

CVE-2023-44998

Cross-Site Request Forgery CSRF vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin = 1.2.8 versions...

CVSS: 8.8, AI score: 7.1, EPSS: 0.0007
Exploits: 0
CNNVD
added 2025/03/27 12:00 a.m., 1 view

WordPress plugin Secret Meta cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS: 7.1, AI score: 8.3, EPSS: 0.00296
Exploits: 0, References: 2