38 matches found
EUVD-2021-15916
Malware in sbrugna...
EUVD-2021-16966
Malware in sbrugna...
EUVD-2003-1461
Malware in sbrugna...
EUVD-2023-1650
Malicious code in bioql PyPI...
EUVD-2025-18190
Malicious code in bioql PyPI...
SQL Injection
pg-promise is vulnerable to SQL Injection. The vulnerability is due to improper handling of negative numbers, which allows an attacker to manipulate SQL queries by injecting malicious input...
CVE-2025-29744
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
pg-promise SQL Injection vulnerability
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
CVE-2025-29744
CVE-2025-29744 affects pg-promise (Node.js PostgreSQL interface); root cause is improper handling of negative numbers, leading to SQL Injection in versions before 11.5.5. Public documents consistently describe a vulnerability in the query construction/parameter handling that can allow attacker-su...
pg-promise security vulnerability
pg-promise is a PostgreSQL interface for Node.js by individual developer Vitaly Tomilov. A security vulnerability exists in pg-promise versions prior to 11.5.5, which stems from mishandling of negative numbers and may lead to SQL injection...
CVE-2024-36740
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an index given as a negative number exceeds the range of size...
Design/Logic Flaw
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...
Input validation and money transfer vulnerability with negative number
Description: I transfer money from account1 to account2. According to the scenario, account 1 will be deducted, and account 2 will add money. But account1 was added to, account was subtracted from. If I use a negative number and its value exceeds the account balance, the money will still be added to the transfer...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists due to an integer overflow in OpLevelCostEstimator::CalculateOutputSize allowing an attacker to crash the system by inputting a negative number into the cost estimate...
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number...
PYSEC-2021-574
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative numbers. I...
PYSEC-2021-772
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments. The implementation does not validate that num_streams only contains non-negative numbers. I...
Buffer Overflow
Nagios NRPE is vulnerable to a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call...
UBUNTU-CVE-2020-6096
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...
CVE-2020-6582
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call...