13 matches found

Snyk
added 2026/02/24 3:28 p.m. | 2 views

SQL Injection

Overview: apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to SQL Injection via the sqlExpression or where parameters. An attacker can execute arbitrary SQL commands by injecting malicious input into these...

CVSS 6.5 | AI score 6.2 | EPSS 0.00503
Exploits: 2 | References: 2

NVD
added 2026/02/24 2:16 p.m. | 7 views

CVE-2026-23980

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 6.5 | EPSS 0.00503
Exploits: 2 | References: 2

Vulnrichment
added 2026/02/24 12:54 p.m. | 4 views

CVE-2026-23980 Apache Superset: Improper Neutralization of Special Elements used in a SQL Command

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 5.3 | AI score 5.6 | EPSS 0.00503
Exploits: 2 | References: 1

EUVD
added 2026/02/24 12:54 p.m. | 6 views

EUVD-2026-8474

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 5.3 | AI score 5.6 | EPSS 0.00503
Exploits: 2 | References: 1

Cvelist
added 2026/02/24 12:54 p.m. | 17 views

CVE-2026-23980 Apache Superset: Improper Neutralization of Special Elements used in a SQL Command

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 5.3 | EPSS 0.00503
Exploits: 2 | References: 1

Snyk
added 2025/05/30 9:30 a.m. | 2 views

SQL Injection

Overview: apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to SQL Injection via the sqlExpression fields. An attacker can execute unauthorized sub-queries and access restricted data by injecting SQL. Remediation...

CVSS 7.1 | AI score 8 | EPSS 0.0062
Exploits: 2 | References: 2

AlpineLinux
added 2024/10/18 3:20 a.m. | 19 views

CVE-2024-9264

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

CVSS 9.9 | AI score 8.9 | EPSS 0.97781
Exploits: 9

NVD
added 2021/10/22 12:15 p.m. | 19 views

CVE-2021-38481

The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string...

CVSS 9.8 | EPSS 0.00943
Exploits: 0 | References: 1

CNNVD
added 2021/10/19 12:00 a.m. | 3 views

AUVESY Versiondog SQL Injection Vulnerability

AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. AUVESY Versiondog suffers from a SQL injection vulnerability that could be exploited by an attacker to send a malicious payload that enables a user to execute another SQL...

CVSS 9.8 | AI score 6.1 | EPSS 0.00943
Exploits: 0 | References: 5

Cvelist
added 2016/03/12 2:00 a.m. | 20 views

CVE-2016-1562

The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...

AI score 4.4 | EPSS 0.00911
Exploits: 0 | References: 2

Prion
added 2008/07/08 11:41 p.m. | 15 views

Buffer overflow

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...

CVSS 9 | AI score 8.1 | EPSS 0.61927
Exploits: 0 | References: 10 | Affected Software: 4

NVD
added 2008/07/08 11:41 p.m. | 26 views

CVE-2008-0086

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...

CVSS 9 | AI score 7.7 | EPSS 0.61927
Exploits: 0 | References: 10

Cvelist
added 2008/07/08 11:00 p.m. | 40 views

CVE-2008-0086

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...

AI score 7.2 | EPSS 0.61927
Exploits: 0 | References: 10