Lucene search

12 matches found

NVD
added 2026/06/19 12:16 a.m., 12 views

CVE-2026-12046

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...

9.5 CVSS, 0.00715 EPSS
Exploits: 0, References: 2
OSV
added 2026/06/05 8:42 a.m., 5 views

BIT-APPSMITH-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...

6.3 CVSS, 6.3 AI score, 0.00341 EPSS
Exploits: 2, References: 7
ATTACKERKB
added 2026/06/02 2:7 p.m., 6 views

CVE-2026-7299

Appsmith’s SQL query editor autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...

6.3 CVSS, 6.4 AI score, 0.00341 EPSS
Exploits: 2, References: 6
Snyk
added 2026/01/28 4:33 p.m., 3 views

Malicious Package

Overview: atlas-query-editor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-5716

Malicious code in bioql PyPI...

5.4 CVSS, 5.5 AI score, 0.0074 EPSS
Exploits: 1, References: 6
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-41828

Malicious code in bioql PyPI...

8.8 CVSS, 8.5 AI score, 0.0079 EPSS
Exploits: 0, References: 2
OSSF Malicious Packages
added 2024/11/15 2:46 a.m., 4 views

Malicious code in atlas-query-editor (npm)

Source: ossf-package-analysis (c6c37cad26e052e458501d412ce970fc2faf0d3ce12d6e7b5794e6161ab7e4d8). The OpenSSF Package Analysis project identified 'atlas-query-editor' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0
OSV
added 2024/11/15 2:46 a.m., 10 views

MAL-2024-10713 Malicious code in atlas-query-editor (npm)

Source: ossf-package-analysis (c6c37cad26e052e458501d412ce970fc2faf0d3ce12d6e7b5794e6161ab7e4d8). The OpenSSF Package Analysis project identified 'atlas-query-editor' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

7.3 AI score
Exploits: 0
CNNVD
added 2023/09/06 12:0 a.m., 4 views

Apache Superset Security Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions have an authorization issue vulnerability that stems from incorrect authorization checks in SQLLab. An attacker can exploit the vulnerability to...

4.3 CVSS, 6.8 AI score, 0.0074 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2019/07/08 12:0 a.m., 4 views

The vulnerability of the Power Query editor, a spreadsheet editing tool from Microsoft Excel, allows a hacker to redirect users to a malicious URI and execute malicious code.

The vulnerability of the Power Query editor for Microsoft Excel relates to insufficient neutralization of special elements transmitted in URIs. Exploiting this vulnerability allows a malicious actor to redirect users to malicious URIs and execute malicious code using a specially crafted document...

8.8 CVSS, 5.7 AI score
Exploits: 0, References: 3
CNVD
added 2016/01/30 12:0 a.m., 4 views

phpMyAdmin SQL Editor Cross Site Scripting Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A cross-site scripting vulnerability exists in the phpMyAdmin SQL parser, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...

5.4 CVSS, 9.1 AI score, 0.01531 EPSS
Exploits: 0, References: 1
CNVD
added 2015/07/02 12:0 a.m., 1 views

ZOHO ManageEngine SupportCenter Plus Cross-Site Scripting Vulnerability

ZOHO ManageEngine SupportCenter Plus is a customer service support management software from ZOHO USA. The software provides help desk, customer management, service level management and tracking of customer requests. A cross-site scripting vulnerability exists in ZOHO ManageEngine SupportCenter Pl...

3.5 CVSS, 6.2 AI score, 0.04256 EPSS
Exploits: 1, References: 1