
10 matches found

NVD
added 2026/05/29 4:16 p.m. · 16 views

CVE-2018-25382

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

8.8 CVSS · 0.00334 EPSS
Exploits 0 · References 4
EUVD
added 2026/05/13 9:26 p.m. · 8 views

EUVD-2026-30182

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass vulnerability in the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema...

8.6 CVSS · 5.8 AI score · 0.00249 EPSS
Exploits 1 · References 1
CNNVD
added 2026/05/13 12:0 a.m. · 10 views

SQLBot Security Vulnerability

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot prior to 1.8.0 contained security vulnerabilities. These vulnerabilities stemmed from cross-workspace IDOR and authorization bypasses in the...

8.6 CVSS · 5.8 AI score · 0.00249 EPSS
Exploits 1 · References 1
CVE
added 2026/03/24 11:27 a.m. · 13 views

CVE-2019-25643

CVE-2019-25643 affects eNdonesia Portal v8.7 and describes multiple SQL injection vulnerabilities in banners.php via the bid parameter. The flaws allow unauthenticated attackers to execute arbitrary SQL and exfiltrate information from INFORMATION_SCHEMA tables. The vulnerability is characterized ...

8.8 CVSS · 6.2 AI score · 0.00346 EPSS
Exploits 0 · References 4
F5 Networks
added 2026/03/10 9:15 p.m. · 12 views

K000160290: PostgreSQL vulnerability CVE-2025-12817

Security Advisory Description: Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, woul...

3.1 CVSS · 5.8 AI score · 0.00197 EPSS
Exploits 0
Nuclei
added 2026/02/04 7:0 a.m. · 7 views

Parse Server - GraphQL Schema Information Disclosure

The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. id: CVE-2025-53364 info: name...

5.3 CVSS · 6.5 AI score · 0.00814 EPSS
Exploits 0 · References 3
NVD
added 2025/11/13 1:15 p.m. · 4 views

CVE-2025-12817

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

3.1 CVSS · 0.00197 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-5287

Malicious code in bioql PyPI...

4.3 CVSS · 6.6 AI score · 0.0037 EPSS
Exploits 0 · References 3
CNNVD
added 2023/03/07 12:0 a.m. · 3 views

pg_ivm Code Issue Vulnerability

pgivm is an open source library from SRA OSS, an IVM (Incremental View Maintenance) implementation as a PostgreSQL extension. A security vulnerability exists in pgivm versions prior to 1.5.1, which stems from the presence of an uncontrolled search path element vulnerability that can be exploited by ...

8.8 CVSS · 6.7 AI score · 0.00939 EPSS
Exploits 0 · References 4
Positive Technologies
added 2019/07/31 12:0 a.m. · 3 views

PT-2019-11743 · Jenkins · Jenkins Configuration As Code Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Description: The issue concerns missing permission checks in various HTTP endpoints, allowing users with Overall/Read access to access the generated schema and documentation for t...

4.3 CVSS · 4.4 AI score · 0.00691 EPSS
Exploits 0 · References 6