
63 matches found

NVD
added 2026/05/06 6:16 p.m. | 2 views

CVE-2026-29090

Summary: A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create_postgres_query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

CVSS 9 | EPSS 0.00048
Exploits 0 | References 1
Vulnrichment
added 2026/05/06 5:21 p.m. | 3 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

Summary: A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create_postgres_query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

CVSS 9 | AI score 6.4 | EPSS 0.00048
Exploits 0 | References 1
CVE
added 2026/05/06 5:21 p.m. | 6 views

CVE-2026-29090

Rucio contains a SQL injection in FilterEngine.create_postgres_query() when the postgres_meta metadata plugin is configured. Attacker-controlled filter keys/values are interpolated into raw SQL via Python .format() and passed to psycopg3.sql.SQL(), enabling arbitrary SQL against the PostgreSQL me...

CVSS 9 | AI score 6.4 | EPSS 0.00048
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/05/06 12:0 a.m. | 6 views

Rucio SQL injection vulnerability

Rucio is an open-source scientific data management tool developed by Rucio team. Rucio has a SQL injection vulnerability, which stems from the SQL injection in the FilterEngine.create_postgres_query method. This vulnerability allows any authenticated Rucio user to execute arbitrary SQL queries...

CVSS 9 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-0017

Malware in sbrugna...

CVSS 4.8 | AI score 4.9 | EPSS 0.00745
Exploits 0 | References 7
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-2955

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00308
Exploits 0 | References 5
Tenable Nessus
added 2025/08/27 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2018-12088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00267
Exploits 1 | References 2
VulnCheck KEV
added 2025/08/12 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2023-37941

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by t...

CVSS 6.6 | AI score 6.4 | EPSS 0.84244
In wild | Exploits 3 | References 2
RedhatCVE
added 2025/05/22 7:58 p.m. | 3 views

CVE-2021-36372

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked...

CVSS 9.8 | AI score 6.5 | EPSS 0.00345
Exploits 0 | References 1
RedhatCVE
added 2025/02/13 8:58 p.m. | 9 views

CVE-2023-37941

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by t...

CVSS 6.6 | AI score 7.6 | EPSS 0.84244
Exploits 3 | References 4
OSV
added 2025/02/05 7:27 a.m. | 11 views

BIT-SUPERSET-2023-37941 Apache Superset: Metadata db write access can lead to remote code execution

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by t...

CVSS 6.6 | AI score 7.1 | EPSS 0.84244
Exploits 3 | References 3
OSV
added 2024/05/10 2:32 p.m. | 24 views

RLSA-2023:7712 Important: tracker-miners security update

Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker. Security Fixes: tracker-miners: sandbox escape CVE-2023-5557 For more details about the security issues, including th...

CVSS 7.7 | AI score 7.7 | EPSS 0.00045
Exploits 1 | References 2
RedHat Linux
added 2023/12/12 4:19 p.m. | 17 views

Important: Red Hat Security Advisory: tracker-miners security update

An update for tracker-miners is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.7 | AI score 7.1 | EPSS 0.00045
Exploits 1 | References 2
RedHat Linux
added 2023/12/12 10:47 a.m. | 17 views

Important: Red Hat Security Advisory: tracker-miners security update

An update for tracker-miners is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a...

CVSS 7.7 | AI score 7.1 | EPSS 0.00045
Exploits 1 | References 2
Github Security Blog
added 2023/11/27 12:30 p.m. | 14 views

Duplicate Advisory: Apache Superset - Elevation of Privilege

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f678-j579-4xf5. This link is maintained to preserve external references. Original Description: Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using th...

CVSS 8.8 | AI score 7.9 | EPSS 0.00308
Exploits 0 | References 5 | Affected Software 1
NVD
added 2023/11/27 11:15 a.m. | 18 views

CVE-2023-40610

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

CVSS 8.8 | EPSS 0.00308
Exploits 0 | References 3
Prion
added 2023/11/27 11:15 a.m. | 12 views

Authorization

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

CVSS 6.5 | AI score 7.8 | EPSS 0.00308
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2023/11/27 10:22 a.m. | 16 views

CVE-2023-40610 Apache Superset: Privilege escalation with default examples database

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

CVSS 6.3 | AI score 9.2 | EPSS 0.00308
Exploits 0 | References 3
Positive Technologies
added 2023/11/27 12:0 a.m. | 3 views

PT-2023-27540 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to but excluding 2.1.2 Description: The issue is related to an improper authorization check, which could lead to possible privilege escalation. Using the default examples database connection, an attacker could acce...

CVSS 8.8 | AI score 7.6 | EPSS 0.00308
Exploits 0 | References 12
Ubuntu
added 2023/11/22 1:2 p.m. | 45 views

USN-6504-1: tracker-miners vulnerability

It was discovered that tracker-miners incorrectly handled sandboxing. If a second security issue was discovered in tracker-miners, an attacker could possibly use this issue in combination with it to escape the sandbox...

CVSS 7.7 | AI score 7.2 | EPSS 0.00045
Exploits 1