77 matches found
GHSA-68JQ-C3RV-PCRR graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries with many repeated fields sharing the same response name. An attacker can send a crafted query like hello hello hello ... with thousands of repeated fields, causing excessive CPU usage duri...
CVE-2026-35559
Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...
CVE-2026-35559 Out-of-bounds write in query processing components in Amazon Athena ODBC driver
Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...
CVE-2026-35559
CVE-2026-35559 affects the Amazon Athena ODBC driver. The issue is an out-of-bounds write in the driver’s query processing components prior to version 2.1.0.0, which could crash the driver when processing specially crafted data during queries. Remediation: upgrade to version 2.1.0.0 or later. If ...
ROS-20260209-73-0010
Vulnerability in python-xmltodict related to errors in xml query processing. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20251203-14
A vulnerability in the MongoDB database management system is related to DDL operation execution during query execution. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CMSimple_XH security vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, for...
EUVD-2019-16037
Malware in sbrugna...
EUVD-2006-7190
Malware in sbrugna...
EUVD-2021-28807
Malicious code in bioql PyPI...
EUVD-2024-34391
Malicious code in bioql PyPI...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the PropertyName directive in XML Filter Query processing. An attacker can manipulate backend database queries by injecting specially crafted input containing double quote characters. Remediation: Upgrade mapserver to...
CVE-2025-20262
A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denia...
Linux Distros Unpatched Vulnerability : CVE-2015-8547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service application...
ROS-20250813-07
A vulnerability in the Java dnsjava DNS implementation is related to incorrect response checking during processing of DNS queries. Exploitation of the vulnerability could allow a remote attacker to bypass the implemented security restrictions...
YugabyteDB security vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from the presence of a null pointer dereference for YCQL query processing, which could lead to a denial of service...
BIT-MARIADB-MIN-2022-24048
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
c-ares: c-ares has a use-after-free in read_answers()
A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing...
HTTP Request Smuggling
Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling when processing queries. An attacker can smuggle another query packet into the connection stream by using large, uncompressed malicious external data. Note: This is only exploitable if the attacker controls the...