29 matches found
CVE-2025-57213
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
PT-2025-49075
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
Weitong Mall security vulnerability
Weitong Mall (微同商城) is a shopping mall system by fuyanglipengjun, an individual developer. Weitong Mall version 1.0.0 contains a security vulnerability caused by improper access control in the orderService.queryObject component, which may lead to sensitive information leakage...
EUVD-2025-201240
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
EUVD-2019-0693
Malware in sbrugna...
EUVD-2022-4501
Malicious code in bioql PyPI...
EUVD-2022-4938
Malicious code in bioql PyPI...
EUVD-2022-7153
Malicious code in bioql PyPI...
GHSA-64F8-PJGR-9WMR Untrusted Query Object Evaluation in RPC API
During the sign in and sign up operations through the SurrealDB RPC API, an arbitrary object would be accepted in order to support a wide array of types and structures that could contain user credentials. This arbitrary object could potentially contain any SurrealDB value, including an object...
SUSE CVE-2013-1842
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...
Prototype Pollution
feathers-sequelize is vulnerable to prototype pollution. The vulnerability exists in the cleanQuery method due to the use of insecure recursive logic to filter unsupported keys from the query object, which allows an attacker to inject malicious properties resulting in prototype pollution...
Type Confusion
socket.io-parser is vulnerable to type confusion. It is possible to overwrite the placeholder object due to improper type validation of attachment parsing in the reconstructPacket function, which allows an attacker to place references to functions at arbitrary places in the resulting query object...
CVE-2022-2421
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object...
Input validation
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object...
CVE-2022-2421 Socket.io - Improper type validation in attachment parsing
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object...
MAL-2022-1571 Malicious code in bigid-query-object-serialization (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bad7d8f633f4cb50e32e1b20019d44cd102cdfe707cb1a729dc3b3777525c434 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bigid-query-object-serialization (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bad7d8f633f4cb50e32e1b20019d44cd102cdfe707cb1a729dc3b3777525c434 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
jquery-plugin-query-object contains prototype pollution vulnerability
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype...
CVE-2021-20083
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype...