29 matches found

OSV
added 2026/06/09 3:58 p.m. · 6 views

MAL-2026-5394 Malicious code in @sql-access/nodesql (npm)

Source: amazon-inspector 2acee7592879b9eab377fb8e97a1fa2949b298f4418d37fb963e157971638c90. @sql-access/[email protected] is a decoy package whose identity, README, and code do not match. The package name and keywords advertise SQL/Node...

5.8 AI score
Exploits: 0 · References: 13
RedhatCVE
added 2026/06/05 7:15 p.m. · 6 views

CVE-2026-46837

Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...

8.8 CVSS · 5.6 AI score · 0.00268 EPSS
Exploits: 0 · References: 1
OSV
added 2026/05/29 7:23 p.m. · 6 views

GHSA-WJJV-3MJ2-39HF AgenticMail API/storage and outbound relay hardening fixes

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

5.8 AI score · 0.00014 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2026/05/28 12:0 a.m. · 16 views

PT-2026-44529

Name of the Vulnerable Software and Affected Versions: Oracle Flow Manufacturing versions 12.2.9 through 12.2.15 Description: A security issue in the Oracle Flow Manufacturing product of Oracle E-Business Suite allows a low privileged attacker with network access via SQL to compromise the system...

8.8 CVSS · 5.5 AI score · 0.00268 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2026/03/07 7:59 a.m. · 3 views

CVE-2026-29073

SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql endpoint lets a user run SQL directly, but it only checks basic auth, not admin rights; any logged-in user, even readers, can run any SQL query on the database. This issue has been patched in version 3.6.0...

8.8 CVSS · 5.8 AI score · 0.00323 EPSS
Exploits: 1 · References: 1
CNNVD
added 2026/03/06 12:0 a.m. · 3 views

Pedidos SQL Injection Vulnerability

Pedidos is an order management system developed by the Spanish company Pedidos. Version 1.0 of Pedidos contains a SQL injection vulnerability. This vulnerability stems from the q parameter in the ajax/loadproveedores.php file, which allows for arbitrary SQL queries to be executed and database...

8.8 CVSS · 6 AI score · 0.00293 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 10 views

EUVD-2012-6282

Malware in sbrugna...

7.8 CVSS · 6.4 AI score · 0.01209 EPSS
Exploits: 0 · References: 3
CNNVD
added 2025/02/12 12:0 a.m. · 4 views

Q-Free MAXTIME Suite SQL Injection Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A SQL injection vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from the editUserGroupMenu endpoint in maxprofile/menu/model.lua that does not properly handle user...

7.6 CVSS · 8.1 AI score · 0.00617 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/06 12:0 a.m. · 6 views

PT-2024-9403 · Siemens · Syngo.Plaza

Name of the Vulnerable Software and Affected Versions: syngo.plaza VB30E versions prior to VB30E HF05 Description: The issue is related to the lack of protection of the SQL query structure, allowing an attacker to execute arbitrary SQL code and compromise the database. The affected application do...

9.8 CVSS · 8.5 AI score · 0.00664 EPSS
Exploits: 0 · References: 12
Positive Technologies
added 2024/10/20 12:0 a.m. · 4 views

PT-2024-33578 · WordPress · Duplicate Title Validate

Name of the Vulnerable Software and Affected Versions: Duplicate Title Validate versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, specifically an improper neutralization of special elements used in an SQL command. This allows for Blind SQL Injection,...

8.8 CVSS · 8.2 AI score · 0.00433 EPSS
Exploits: 0 · References: 8
NCSC
added 2023/11/07 12:0 a.m. · 3 views

Vulnerabilities fixed in Veeam ONE

Veeam has fixed vulnerabilities in Veeam ONE. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights Remote code execution User rights Access to sensitive...

9.9 CVSS · 7.9 AI score · 0.19125 EPSS
Exploits: 0
Positive Technologies
added 2023/10/12 12:0 a.m. · 4 views

PT-2023-31556

Name of the Vulnerable Software and Affected Versions: Biltay Technology Kayisi versions prior to 1286 Description: The issue is related to an SQL Injection vulnerability, which allows for the improper neutralization of special elements used in an SQL command. This can lead to SQL Injection and...

9.8 CVSS · 7.4 AI score · 0.00646 EPSS
Exploits: 0 · References: 7
Imperva Blog
added 2023/10/09 4:31 p.m. · 32 views

How to Protect Against Data Lake Hacking

Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...

7.3 AI score
Exploits: 0
Citrix
added 2023/08/21 12:0 a.m. · 6 views

Test the communication between DDC and SQL with an .udl file

If you would like to test if the communication between DDC and SQL is working fine, outside Citrix, you can create an .udl file on desktop and try to access the SQL server using the required username and password. If the communication completes successfully, you can continue troubleshooting from...

7.6 AI score
Exploits: 0
Positive Technologies
added 2023/04/12 12:0 a.m. · 4 views

PT-2023-9518 · Openlink +4 · Openlink Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue is related to the IO default xsputn component and involves improper neutralization of special elements used in SQL commands. This can be exploited by a remote attacker to cause...

7.8 CVSS · 7.7 AI score · 0.00909 EPSS
Exploits: 16 · References: 77
Rosalinux
added 2021/07/02 5:27 p.m. · 31 views

Advisory ROSA-SA-2021-1914

Software: mariadb 5.5.68 OS: Cobalt 7.9 CVE-ID: CVE-2016-3492 CVE-Crit: MEDIUM CVE-DESC: An unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors associated with Server:...

8.8 CVSS · 6.7 AI score · 0.06553 EPSS
Exploits: 0
UbuntuCve
added 2018/01/25 4:29 p.m. · 38 views

CVE-2017-15365

sql/eventdataobjects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language DDL statemen...

8.8 CVSS · 7 AI score · 0.0335 EPSS
Exploits: 0 · References: 2
NVD
added 2018/01/25 4:29 p.m. · 24 views

CVE-2017-15365

sql/eventdataobjects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language DDL statemen...

8.8 CVSS · 7.4 AI score · 0.0335 EPSS
Exploits: 0 · References: 9
Debian CVE
added 2018/01/25 4:0 p.m. · 37 views

CVE-2017-15365

Removed by vendor...

8.8 CVSS · 9.3 AI score · 0.0335 EPSS
Exploits: 0
MariaDBUnix
added 2018/01/25 4:0 p.m. · 21 views

CVE-2017-15365

Disclaimer: This data contains information about vulnerable...

8.8 CVSS · 7.2 AI score · 0.0335 EPSS
Exploits: 0