5 matches found
CVE-2026-38158
A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements...
PT-2026-60590
Name of the Vulnerable Software and Affected Versions ureport version 2.2.9 Description A SQL injection issue exists in the /ureport/datasource/previewData endpoint, which handles datasource preview queries. The flaw stems from improper input validation and the use of unsafely constructed SQL...
CVE-2026-38158
CVE-2026-38158 describes an SQL injection in ureport v2.2.9, specifically in the /ureport/datasource/previewData component. The vulnerability could allow an attacker to disclose sensitive database information via crafted SQL statements. The CVSS 3.1 score is 9.8 (CRITICAL), with attack vector NET...
Frostmourne SQL注入漏洞
Frostmourne is a multi-data source monitoring and alerting system developed by AutohomeCorp. Versions of Frostmourne 1.0 and earlier contain SQL injection vulnerabilities, which stem from the SQL injection vulnerability in the httpTest function located in the...
CVE-2026-32137
CVE-2026-32137: Dataease prior to 2.10.20 is vulnerable to SQL injection in the /de2api/datasource/previewData endpoint via a directly concatenated tableName parameter. The table name is user-controllable and is not filtered or parameterized, enabling injection into the SQL statement. The issue a...