CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

PT-2026-42269

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

PT-2026-31003

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

sql-injection-corpus

SQL Injection Corpus - User Guide Overview This corpus con...

EUVD-2026-8907

wger: IDOR in nutritionalvalues endpoints exposes private dietary data via direct ORM lookup...

GHSA-G8GC-6C4H-JG86 wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup

Summary Three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition plan data, including caloric intake and full macro breakdown, by supplying an arbitra...

CVE-2026-27839 wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup

wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...

Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State

Summary Description A Mass Assignment CWE-915 vulnerability in AdonisJS Lucid may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. This may lead to logic bypasses and unauthorized record modification within a table or...

CVE-2025-60542

SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false...

Object-Relational Mapping (ORM) Leak

An Object-Relational Mapping ORM Leak vulnerability occurs when an application does not properly control how user-provided data is passed to the ORM. An attacker can exploit this by manipulating input parameters to query fields that are not intended to be exposed. This can lead to the disclosure ...

EUVD-2019-0268

Malware in sbrugna...

EUVD-2019-0359

Malware in sbrugna...

postgresql:12 security update

An update is available for postgres-decoderbufs, postgresql, pgrepack, module.postgresql, module.postgres-decoderbufs, pgaudit, module.pgrepack, module.pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Harbor 安全漏洞

Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policies and role-based access control, ensuring that images are scanned and are not vulnerable, and signing images as trusted. A security vulnerability exists in Harbor versions prior to 2.13.1 and prior t...

postgresql:15 security update

An update is available for postgresql, postgres-decoderbufs, module.pgrepack, module.pgaudit, module.postgresql, pgaudit, pgrepack, module.postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

USN-7315-1: PostgreSQL vulnerability

Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perform SQL injection attacks...

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: postgresql:13 security update

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated...