EUVD-2021-6714
Malicious code in bioql PyPI...
EUVD-2025-7610
Malicious code in bioql PyPI...
BIT-MARIADB-MIN-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...
Ubuntu 24.10 / 25.04 : ADOdb vulnerability (USN-7530-1)
The remote Ubuntu 24.10 / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7530-1 advisory. It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. Tenable has extracted th...
ROS-20250526-06
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to the fact that the Shamir implementation uses pre-computed table lookups. Exploitation of the vulnerability could allow an attacker to gain access to potentially sensitive information...
CVE-2024-6456
AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...
CVE-2021-32590
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...
CVE-2008-7120
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter...
CVE-2009-3497
SQL injection vulnerability in viewlisting.php in Vastal I-Tech Agent Zone aka The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the id parameter...
Alibaba Cloud Linux 3 : 0017: postgresql:12 (ALINUX3-SA-2021:0017)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0017 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-14349: It was found that PostgreS...
PT-2025-17907 · Easyvirt · Easyvirt Co2Scope +1
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.4 and earlier; EasyVirt CO2Scope versions 1.3.4 and earlier. Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to specific A...
K000150943: PostgreSQL vulnerabilities CVE-2019-10164, CVE-2020-14349, and CVE-2020-14350
Security Advisory Description: CVE-2019-10164: PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often...
CVE-2024-6841
A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...
CVE-2025-22370
Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...
CVE-2025-22370
CVE-2025-22370 affects Mennekes Smart / Premium chargingpoints firmware web configuration interface. The vulnerability arises from insufficient input neutralization in multiple web config fields, allowing an attacker to execute arbitrary SQL commands. The issue is associated with firmware version...
CVE-2024-35475
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
CVE-2024-20536
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...
CVE-2024-8523
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
CVE-2024-8523
CVE-2024-8523 affects lmxcms up to version 1.4. The vulnerable component is the function formatData in the file /admin.php?m=Acquisi&a=testcj&lid=1 of the SQL Command Execution Module. Manipulation of the argument data leads to code injection. The issue can be exploited remotely, and the exploit...