19 matches found

Vulnrichment
added 2026/05/04 5:18 p.m. | 2 views

CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of COSMOS. The tsdblookup function in the...

CVSS 9.6 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 3
Github Security Blog
added 2026/04/23 2:12 p.m. | 6 views

OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Attack type: Authenticated remote. Impact: Telemetry data disclosure and deletion. Affected components: openc3-tsdb QuestDB. A SQL injection vulnerability exists in the Time-Series Database...

CVSS 9.6 | AI score 6.2 | EPSS 0.00026
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/04/23 2:12 p.m. | 2 views

GHSA-V529-VHWC-WFC5 OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Attack type: Authenticated remote. Impact: Telemetry data disclosure and deletion. Affected components: openc3-tsdb QuestDB. A SQL injection vulnerability exists in the Time-Series Database...

CVSS 9.6 | AI score 6.2 | EPSS 0.00026
Exploits: 0 | References: 6
RubySec
added 2026/04/23 12:0 a.m. | 10 views

OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Attack type: Authenticated remote. Impact: Telemetry data disclosure and deletion. Affected components: openc3-tsdb QuestDB. A SQL injection vulnerability exists in the Time-Series Database...

CVSS 9.6 | AI score 6.1 | EPSS 0.00026
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/13 10:43 p.m. | 1 views

CVE-2026-0824

A flaw was found in QuestDB UI. A remote attacker could exploit a cross-site scripting (XSS) vulnerability by manipulating the Web Console component. This could allow the attacker to inject malicious scripts into web pages, potentially leading to information disclosure or arbitrary code execution i...

CVSS 5.1 | AI score 6.3 | EPSS 0.00079
Exploits: 0 | References: 11
Snyk
added 2026/01/10 3:31 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: @questdb/web-console is a QuestDB Web Console. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Web Console component. An attacker can inject and execute arbitrary scripts by submitting crafted input that is not properly sanitized. Details: Cross-site...

CVSS 5.1 | AI score 6 | EPSS 0.00079
Exploits: 0 | References: 2
Github Security Blog
added 2026/01/10 3:31 p.m. | 3 views

QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

CVSS 5.1 | AI score 5.6 | EPSS 0.00079
Exploits: 0 | References: 10 | Affected Software: 1
OSV
added 2026/01/10 3:31 p.m. | 1 views

GHSA-XF94-H87H-G9WR QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

CVSS 5.1 | AI score 5.5 | EPSS 0.00079
Exploits: 0 | References: 10
NVD
added 2026/01/10 3:15 p.m. | 4 views

CVE-2026-0824

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

CVSS 5.1 | EPSS 0.00079
Exploits: 0 | References: 9
OSV
added 2026/01/10 3:15 p.m. | 1 views

CVE-2026-0824

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

CVSS 5.1 | AI score 3.6
Exploits: 0 | References: 9
Vulnrichment
added 2026/01/10 2:32 p.m. | 1 views

CVE-2026-0824 questdb ui Web Console cross site scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

CVSS 5.1 | AI score 5.3 | EPSS 0.00079
Exploits: 0 | References: 9
CVE
added 2026/01/10 2:32 p.m. | 8 views

CVE-2026-0824

CVE-2026-0824 affects QuestDB UI Web Console (up to version 1.11.9). The vulnerability is an XSS in an unknown Web Console function that can be exploited remotely. Public exploits are reported, and a fix is planned for QuestDB 9.3.0 with a patch identified as b42fd9f18476d844ae181a10a249e003dafb8...

CVSS 5.1 | AI score 5.3 | EPSS 0.00079
Exploits: 0 | References: 9
Cvelist
added 2026/01/10 2:32 p.m. | 22 views

CVE-2026-0824 questdb ui Web Console cross site scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

CVSS 5.1 | EPSS 0.00079
Exploits: 0 | References: 9
EUVD
added 2026/01/10 2:32 p.m. | 2 views

EUVD-2026-1842

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

CVSS 5.1 | AI score 3.4 | EPSS 0.00079
Exploits: 0 | References: 9
Positive Technologies
added 2026/01/10 12:0 a.m. | 3 views

PT-2026-2029

Name of the Vulnerable Software and Affected Versions: questdb ui versions up to 1.11.9. Description: A security flaw exists in the Web Console component of questdb ui, potentially leading to cross-site scripting. The issue is remotely exploitable, and an exploit has been publicly released. The...

CVSS 5.1 | AI score 3.7 | EPSS 0.00079
Exploits: 0 | References: 13
CNNVD
added 2026/01/10 12:0 a.m. | 1 views

questdb code injection vulnerability

questdb is QuestDB's open source, high-performance time series database. A code injection vulnerability exists in questdb 1.11.9 and earlier versions. The vulnerability stems from a cross-site scripting vulnerability in the Web Console component, which could lead to cross-site scripting attacks...

CVSS 5.1 | AI score 4.4 | EPSS 0.00079
Exploits: 0 | References: 8
Snyk
added 2025/12/16 10:32 p.m. | 2 views

Malicious Package

Overview: questdb-console is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2024/12/15 8:43 a.m. | 2 views

Malicious code in questdb-console (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 292ba477ee3d52c63d6ed6f224aac50507b0f816c20c525c36dc99f37f411eba The OpenSSF Package Analysis project identified 'questdb-console' @ 99.99.99 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0
OSV
added 2024/12/15 8:43 a.m. | 4 views

MAL-2024-11869 Malicious code in questdb-console (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 292ba477ee3d52c63d6ed6f224aac50507b0f816c20c525c36dc99f37f411eba The OpenSSF Package Analysis project identified 'questdb-console' @ 99.99.99 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits: 0