Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

GHSA-2F54-V4HM-FX73 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

EUVD-2026-30550

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVE-2026-1352 IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

Advisory ROSA-SA-2025-3037

Software: postgresql14 14.18 OS: rosa-server79 unaffected versions = postgresql14-14.18-1PGDG.res7 affected versions postgresql14-14.18-1PGDG.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the arrayappend, arrayprepend, and arraysubscripthandler functio...

EUVD-2018-8603

Malware in sbrugna...

EUVD-2004-1947

Malware in sbrugna...

EUVD-2004-1839

Malware in sbrugna...

EUVD-2025-16990

Malicious code in bioql PyPI...

CVE-2025-54865 Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed...

CVE-2025-25257

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execu...

CVE-2025-27753

CVE-2025-27753 affects RSJoomla! RSMediaGallery component for Joomla, versions 1.7.4 through 2.1.6. Root cause: unescaped user-supplied parameters used directly in SQL queries within the dashboard component, enabling authenticated attackers to inject SQL code. Effects include unauthorized databas...

CVE-2024-31212

InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in indexchartdata action, which receive...

CVE-2025-45018

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter...

SQL Injection

@posthog/plugin-server is vulnerable to SQL Injection. The vulnerability is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries, allows attackers to inject malicious SQL code and execute arbitrary commands in the context of the database account...

SQL Injection

crud-query-parser is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of the order/sort parameter. Specifically, it occurs because there is no property filter setup when using the TypeORM adapter with ordering enabled, allowing an attacker to inject malicious SQL...

LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection

A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in llama-index-retrievers-duckdb-retriever prior to v0.4.0. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an...