142 matches found
PT-2026-27331
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing load more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered query parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass securit...
GHSA-38CW-85XC-XR9X Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...
MAL-2025-192706 Malicious code in @ownbackup/ob-query-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e883403626d57ea766a1c9e33634ceb5558b9293ef87e9fb60ffa6d052e2454 The package @ownbackup/ob-query-builder was found to contain malicious code...
Malicious code in @ownbackup/ob-query-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e883403626d57ea766a1c9e33634ceb5558b9293ef87e9fb60ffa6d052e2454 The package @ownbackup/ob-query-builder was found to contain malicious code...
EUVD-2025-204947
Malicious code in @ownbackup/ob-query-builder npm...
Adobe Experience Manager (AEM) Querybuilder Internal Path Read
The remote Adobe Experience Manager AEM server is configured to allow unauthenticated users to access internal paths using the Querybuilder endpoint. This may allow an attacker to read sensitive files from the server. The Querybuilder endpoint is typically located at /bin/querybuilder.json and...
Adobe Experience Manager (AEM) QueryBuilder JCR Role Disclosure
The remote Adobe Experience Manager AEM QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the JCR roles of the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servlet endpoint. No...
CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...
EUVD-2025-34898
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...
CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...
tillywork 安全漏洞
tillywork is an open source work management solution from tillywork open source A security vulnerability exists in Tillywork v0.1.3 and earlier versions, which stems from a SQL injection vulnerability in app/common/helpers/query.builder.helper.ts...
CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...
CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...
EUVD-2020-27368
Malware in sbrugna...
EUVD-2025-29119
Malicious code in bioql PyPI...
EUVD-2023-49345
Malicious code in bioql PyPI...
EUVD-2025-9889
Malicious code in bioql PyPI...
CVE-2025-10399
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...
MAL-2025-47350 Malicious code in tg-client-query-builder (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e88f4b4247a247c45d69b7c6082806c246a97e993f3db259215f30d0774e8db7 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in tg-client-query-builder (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e88f4b4247a247c45d69b7c6082806c246a97e993f3db259215f30d0774e8db7 Any computer that has this package installed or running should be considered fully compromised. All...