2 matches found
EUVD-2026-40295
DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quote_char, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers order_by, where-claus...
CVE-2026-13766
Summary: CVE-2026-13766 affects DBIx::QuickORM prior to 0.000026 for Perl. The default SQL builder (SQL::Abstract subclass) does not set quote_char, causing unquoted identifiers (order_by, where keys, field/returning lists, upsert columns, join aliases) to be emitted verbatim and fed into the SQL...