1303 matches found
CVE-2025-30015
Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...
CVE-2025-30015 Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...
CVE-2025-30015
CVE-2025-30015 affects SAP NetWeaver and ABAP Platform (Application Server ABAP). The issue stems from incorrect memory address handling in ABAP SQL, enabling an authenticated attacker with high privileges to execute certain SQL queries and manipulate content in the output variable. The reported ...
PT-2025-15373 · Sap · Sap Netweaver +1
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver and ABAP Platform Application Server ABAP (affected versions not specified). Description: The issue arises from incorrect memory address handling in ABAP SQL, allowing an authenticated attacker with high privileges to execute...
The vulnerability of the itc_hash_compare component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the itc_hash_compare component in the Virtuoso-OpenSource web application development platform is related to the improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially...
The vulnerability of the chash_array component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the chash_array component in the Virtuoso-OpenSource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially crafted SQ...
The vulnerability of the `box_deserialize_string` component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the `box_deserialize_string` component in the Virtuoso-OpenSource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially...
The vulnerability of the qi_inst_state_free component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the qi_inst_state_free component in the Virtuoso-OpenSource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending specially...
The vulnerability of the qi_inst_state_free component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the qi_inst_state_free component in the Virtuoso-OpenSource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending specially...
The vulnerability of the sqlg_hash_source component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the sqlg_hash_source component in the Virtuoso-OpenSource web application development platform is related to the allocation of resources without limits or throttling. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending...
GHSA-7GJ6-22M4-QFHX DB-GPT Arbitrary File Write vulnerability
In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...
CVE-2024-11958
CVE-2024-11958 affects the duckdb_retriever component in run-llama/llama_index, with SQL queries constructed without prepared statements. This enables SQL injection and can lead to remote code execution (RCE) by installing the shellfs extension and executing commands. Public references (GHSA-339R...
CVE-2024-8099 Server-Side Request Forgery (SSRF) in vanna-ai/vanna
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`, `read_csv_auto`, `read_text`, and...
WordPress plugin Eventer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-50706
CVE-2024-50706 describes an unauthenticated SQL injection in Uniguest Tripleplay. The vulnerability affects Tripleplay 23.1+ and enables remote attackers to execute arbitrary SQL queries on the backend database. Multiple sources corroborate the issue and classify it as high/critical risk (CVSS v3...
CVE-2024-50706
Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database...
The vulnerability in the VERM_AJAX_functions.php script of the software for managing call centers allows an attacker to execute arbitrary code.
The vulnerability of the VERM_AJAX_functions.php script in the Vicidial call center software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
CVE-2025-26606
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacaoadicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...
CVE-2025-26605
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...
CVE-2025-26609 SQL Injection endpoint 'familiar_docfamiliar.php' parameter 'id_dependente', 'id_doc' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, familiar_docfamiliar.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...