PT-2026-33643

Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description An improper neutralization flaw in query context handling within the MCP query execution interface may allow the execution of unintended SQL statements. This can lead to the bypass of...

GO-2026-4592 SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access in github.com/siyuan-note/siyuan/kernel

SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access in github.com/siyuan-note/siyuan/kernel...

SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/query/sql interface, which only checked basic authentication, potentially allowing arbitrary SQL...

pig 安全漏洞

pig is a privilege management system of pig-mesh open source. A security vulnerability exists in pig 3.8.2 and earlier versions. The vulnerability stems from an improper privilege validation issue in the token query interface /api/admin/sys-token/page of the token management function in the syste...

EUVD-2010-0037

Malware in sbrugna...

CVE-2025-2246

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

Linux Distros Unpatched Vulnerability : CVE-2023-0921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated...

CVE-2011-1643

Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x, 7.x before 7.15bsu4, 8.0, and 8.5 before 8.51su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session,...

GHSA-443M-3FR6-W8WJ PowerJob incorrect access control vulnerability

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list...

PT-2023-21562 · Silverstripe · Silverstripe/Graphql

Name of the Vulnerable Software and Affected Versions: silverstripe/graphql versions 4.1.1 through 4.2.2 Description: The issue allows an attacker to execute a denial of service attack against a website with a publicly exposed GraphQL endpoint using a specially crafted GraphQL query. This mostly...

cruddl 安全漏洞

cruddl is an open source library from AEB Germany. Used to create a GraphQL API for your database , using GraphQL SDL for your architecture modeling . cruddl has a security vulnerability , an attacker can use this vulnerability can be able to inject arbitrary AQL queries , these queries will be...

GHSA-9RG7-3J4F-CF4X QueryInterface should call AddRef before returning pointer

Affected version of this crate, which is a required dependency in com-impl, provides a faulty implementation of the IUnknown::QueryInterface method. QueryInterface implementation must call IUnknown::AddRef before returning the pointer, as describe in this documentation: As it is not incrementing...

Apache Kylin Input Validation Error Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface on top of Hadoop/Spark and multi-dimensional analysis OLAP and other functions. Apache kylin has an input validation error vulnerability, which stems from...

Apache Kylin server-side request forgery vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. Apache kylin has a server-side request forgery vulnerability, which ste...

The vulnerability of the integration component of the Magento Commerce software development and management platform relates to the lack of protection against cross-site request forgery attacks. This allows attackers to perform unauthorized changes to user metadata.

The vulnerability of the integration component of the Magento Commerce software platform for online store development and management is related to the lack of protection against cross-site request forgery attacks. Exploiting this vulnerability allows a malicious actor to perform unauthorized...

RUSTSEC-2021-0083 QueryInterface should call AddRef before returning pointer

Affected version of this crate, which is a required dependency in com-impl, provides a faulty implementation of the IUnknown::QueryInterface method. QueryInterface implementation must call IUnknown::AddRef before returning the pointer, as describe in this documentation: As it is not incrementing...

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

PT-2017-2447 · Ruby · Ruby

Name of the Vulnerable Software and Affected Versions: Ruby affected versions not specified Description: The issue is related to type confusion in the WIN32OLE class of Ruby, specifically in the ole invoke and ole query interface methods. This occurs when an attacker passes a different type of...

Type confusion exists in ole_invoke and ole_query_interface methods of Ruby's WIN32OLE class

Type confusion exists in two methods of Ruby's WIN32OLE class, oleinvoke and olequeryinterface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution...

Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server Advisory ID: cisco-sa-20110824-cucm-cups Revision 1.0 For Public Release 2011 August 24 1600 UTC GMT...