6 matches found
EUVD-2025-18190
Malicious code in bioql PyPI...
SQL Injection
pg-promise is vulnerable to SQL Injection. The vulnerability is due to improper handling of negative numbers, which allows an attacker to manipulate SQL queries by injecting malicious input...
pg-promise SQL Injection vulnerability
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
pg-promise 安全漏洞
pg-promise is a PostgreSQL interface for Node.js by Vitaly Tomilov Personal Developer. A security vulnerability exists in pg-promise versions prior to 11.5.5, which stems from mishandling of negative numbers and may lead to SQL injection...
CVE-2025-29744
CVE-2025-29744 affects pg-promise (Node.js PostgreSQL interface); root cause is improper handling of negative numbers, leading to SQL Injection in versions before 11.5.5. Public documents consistently describe a vulnerability in the query construction/parameter handling that can allow attacker-su...
The vulnerability of the inflateMark function in the zlib library, which allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the inflateMark function in the zlib library is caused by an error in handling negative numbers. Exploiting this vulnerability could allow a remote attacker to cause unpredictable behavior in the program, which may lead to violations of confidentiality, integrity, and...