CGA-JVW6-4C33-VJ7J
Bulletin has no description...
Malicious code in relation-release (npm)
The package relation-release was found to contain malicious code...
MAL-2025-32045 Malicious code in relation-release (npm)
The package relation-release was found to contain malicious code...
Django: SQL Injection when using FilteredRelation
A SQL injection vulnerability was discovered in the Django framework when using the FilteredRelation feature. The vulnerability was located in the tests/filtered_relation/tests.py file. The vulnerability allowed an attacker to inject malicious SQL code through the userdata parameter used in the...
GHSA-275G-G844-73JH Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation
An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly pass relation types provided by those room members into this method, when used with the defau...
PT-2025-29132 · Unknown · Matrix-Sdk
Name of the Vulnerable Software and Affected Versions: matrix-sdk versions 0.11 through 0.12. Description: An SQL injection vulnerability exists in the EventCache::find_event_with_relations method. This allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly...
FrameShift: Learning to Resize Fuzzer Inputs without Breaking Them
Coverage-guided fuzzers are powerful automated bug-finding tools. They mutate program inputs, observe coverage, and save any input that hits an unexplored path for future mutation. Unfortunately, without knowledge of input formats--for example, the relationship between formats' data fields and...
A Geometric Square-Based Approach to RSA Integer Factorization
We present a new approach to RSA factorization inspired by geometric interpretations and square differences. This method reformulates the problem in terms of the distance between perfect squares and provides a recurrence relation that allows rapid convergence when the RSA modulus has closely spac...
Heterogeneous Graph Backdoor Attack
Heterogeneous Graph Neural Networks (HGNNs) excel in modeling complex, multi-typed relationships across diverse domains, yet their vulnerability to backdoor attacks remains unexplored. To address this gap, we conduct the first investigation into the susceptibility of HGNNs to existing graph backdoo...
CVE-2022-39342
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship...
CVE-2022-39352
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation (the right...
Breaking ECDSA with Two Affinely Related Nonces
The security of the Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the uniqueness and secrecy of the nonce, which is used in each signature. While it is well understood that nonce $k$ reuse across two distinct messages can leak the private key, we show that even if a distinct value i...
SQL Injection
Overview: pimcore/pimcore is a content & product management framework (CMS/PIM/E-Commerce). Affected versions of this package are vulnerable to SQL Injection via the getRelationFilterCondition method. Remediation: Upgrade pimcore/pimcore to version 11.5.4 or higher. References - GitHub Commit -...
DEBIAN-CVE-2025-21702
In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0. Expected behaviour: In case we reach the scheduler's limit, pfifo_tail_enqueue will drop a packet in the scheduler's queue and decrease the scheduler's qlen by one. Then, pfifo_tail_enqueue...
CVE-2020-13270
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...
PT-2025-1613
Name of the Vulnerable Software and Affected Versions: Arm Cortex-A72 versions prior to r1p0; Arm Cortex-A73, affected versions not specified; Arm Cortex-A75, affected versions not specified. Description: The issue may allow an adversary to gain a weak form of control over the victim's branch history...
SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type
The OVERWRITE clause of the DEFINE TABLE statement would fail to overwrite data for tables that were defined with TYPE RELATION. Since table definitions include the PERMISSIONS clause, this failure would result in permissions not being overwritten as a result, which may potentially lead users to...
GHSA-27VQ-HV74-7CQP SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type
The OVERWRITE clause of the DEFINE TABLE statement would fail to overwrite data for tables that were defined with TYPE RELATION. Since table definitions include the PERMISSIONS clause, this failure would result in permissions not being overwritten as a result, which may potentially lead users to...
RHEL 8 : postgresql:13 (RHSA-2024:6557)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6557 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...
SUSE-SU-2024:3158-3 Security update for postgresql16
This update for postgresql16 fixes the following issues: - Upgrade to 15.8 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (bsc#1229013)...