35 matches found
EUVD-2026-25994
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate it to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
CVE-2025-14615
The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...
EUVD-2005-2198
Malware in sbrugna...
EUVD-2025-25506
Malicious code in bioql PyPI...
EUVD-2022-2090
Malicious code in bioql PyPI...
CVE-2022-43709
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings...
PT-2025-9110 · Loggrove · Loggrove
Name of the Vulnerable Software and Affected Versions: Loggrove version 1.0 Description: The issue concerns SQL Injection in the read.py file. Recommendations: For version 1.0, consider restricting access to the read.py file until a patch is available. As a temporary workaround, review and modify...
K000137875: PostgreSQL vulnerability CVE-2018-1058
Security Advisory Description A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...
CVE-2023-23951
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application...
Symantec Identity Manager Cross-Site Scripting Vulnerability
Symantec Identity Manager is an identity management system from Symantec Corporation. A security vulnerability exists in Symantec Identity Manager versions 14.3 CP3, 14.4.1, and 14.4.2, which can be exploited by an attacker to enumerate the current user's Oracle LDAP attributes by modifying the...
CVE-2023-23951
The CVE-2023-23951 issue affects Broadcom Symantec Identity Manager and Symantec Identity Governance and Administration (Oracle LDAP Attribute Handler). Affected versions permit enumeration of the current user’s Oracle LDAP attributes by modifying the query used by the application, and PT-2023-88...
CVE-2018-1058
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...
ALPINE-CVE-2018-1058
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...
Hitachi Vantara Pentaho Business Analytics Platform Cross-Site Request Forgery Vulnerability
Hitachi Vantara Pentaho Business Analytics BA Platform is an open source Business Intelligence BI system from Hitachi Vantara Japan that provides data integration, OLAP services, reporting, dashboards, data mining, and ETL capabilities. A cross-site request forgery vulnerability exists in Hitachi...
SQL injection
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end...
LDAP injection - ownCloud
Due to not properly sanitizing the LDAP queries, an attacker is able to: gain information about existing LDAP users; modify the login query, e.g. with a wildcard. Affected Software: ownCloud Server 6.0.2 CVE-2014-2047 ownCloud Server 5.0.15 CVE-2014-2049. Action Taken: All LDAP queries have been review...