1299 matches found

BDU FSTEC
added 2025/03/31 12:0 a.m., 1 views

The vulnerability of the itc_hash_compare component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.

The vulnerability of the itc_hash_compare component in the Virtuoso-opensource web application development platform is related to the improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially...

CVSS 7.8, AI score 7.3, EPSS 0.00305
Exploits: 1, References: 4, Affected Software: 2
BDU FSTEC
added 2025/03/31 12:0 a.m., 2 views

The vulnerability of the chash_array component in the virtuoso-opensource web application development platform allows a hacker to trigger a service failure.

The vulnerability of the chash_array component in the virtuoso-opensource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially crafted SQ...

CVSS 7.8, AI score 7.3, EPSS 0.00378
Exploits: 1, References: 4, Affected Software: 2
BDU FSTEC
added 2025/03/31 12:0 a.m., 1 views

The vulnerability of the `box_deserialize_string` component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.

The vulnerability of the `box_deserialize_string` component in the Virtuoso-OpenSource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially...

CVSS 7.8, AI score 7.3, EPSS 0.00289
Exploits: 1, References: 4, Affected Software: 2
BDU FSTEC
added 2025/03/31 12:0 a.m., 1 views

The vulnerability of the qi_inst_state_free component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.

The vulnerability of the qi_inst_state_free component in the Virtuoso-OpenSource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending specially...

CVSS 7.8, AI score 7.3, EPSS 0.00399
Exploits: 1, References: 4, Affected Software: 2
BDU FSTEC
added 2025/03/31 12:0 a.m., 1 views

The vulnerability of the qi_inst_state_free component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.

The vulnerability of the qi_inst_state_free component in the Virtuoso-OpenSource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending specially...

CVSS 7.8, AI score 7.3, EPSS 0.00289
Exploits: 1, References: 4, Affected Software: 2
BDU FSTEC
added 2025/03/31 12:0 a.m., 2 views

The vulnerability of the sqlg_hash_source component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.

The vulnerability of the sqlg_hash_source component in the Virtuoso-opensource web application development platform is related to the allocation of resources without limits or throttling. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending...

CVSS 7.8, AI score 7.3, EPSS 0.00112
Exploits: 1, References: 4, Affected Software: 2
OSV
added 2025/03/20 12:32 p.m., 5 views

GHSA-7GJ6-22M4-QFHX DB-GPT Arbitrary File Write vulnerability

In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...

CVSS 9.1, AI score 8.6, EPSS 0.01539
Exploits: 1, References: 5
CVE
added 2025/03/20 10:10 a.m., 39 views

CVE-2024-11958

CVE-2024-11958 affects the duckdb_retriever component in run-llama/llama_index, with SQL queries constructed without prepared statements. This enables SQL injection and can lead to remote code execution (RCE) by installing the shellfs extension and executing commands. Public references (GHSA-339R...

CVSS 9.8, AI score 9.9, EPSS 0.0413
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2025/03/20 10:9 a.m., 7 views

CVE-2024-8099 Server-Side Request Forgery (SSRF) in vanna-ai/vanna

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as read_csv, read_csv_auto, read_text, and...

CVSS 8.3, EPSS 0.00152
Exploits: 0, References: 1
CNNVD
added 2025/03/07 12:0 a.m., 2 views

WordPress plugin Eventer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8, AI score 8.9, EPSS 0.00125
Exploits: 0, References: 4
CVE
added 2025/03/04 12:0 a.m., 45 views

CVE-2024-50706

CVE-2024-50706 describes an unauthenticated SQL injection in Uniguest Tripleplay. The vulnerability affects Tripleplay 23.1+ and enables remote attackers to execute arbitrary SQL queries on the backend database. Multiple sources corroborate the issue and classify it as high/critical risk (CVSS v3...

CVSS 9.8, AI score 9.9, EPSS 0.00495
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2025/03/04 12:0 a.m., 7 views

CVE-2024-50706

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database...

AI score 10, EPSS 0.00495
Exploits: 0, References: 2
BDU FSTEC
added 2025/02/26 12:0 a.m., 2 views

The vulnerability in the VERM_AJAX_functions.php script of the software for managing call centers allows a violator to execute arbitrary code.

The vulnerability of the VERM_AJAX_functions.php software for the Vicidial call processing center is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.93095
Exploits: 12, References: 6, Affected Software: 1
RedhatCVE
added 2025/02/20 10:24 p.m., 9 views

CVE-2025-26606

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacaoadicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

CVSS 10, AI score 8.2, EPSS 0.00474
Exploits: 1, References: 1
NVD
added 2025/02/18 9:15 p.m., 5 views

CVE-2025-26605

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

CVSS 9.4, EPSS 0.00534
Exploits: 1, References: 1
Cvelist
added 2025/02/18 8:36 p.m., 19 views

CVE-2025-26609 SQL Injection endpoint 'familiar_docfamiliar.php' parameter 'id_dependente', 'id_doc' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, familiar_docfamiliar.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

CVSS 10, EPSS 0.00474
Exploits: 1, References: 1
Vulnrichment
added 2025/02/18 8:34 p.m., 6 views

CVE-2025-26612 SQL Injection endpoint 'adicionar_almoxarife.php' parameter 'id_almoxarifado', 'id_funcionario' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, adicionar_almoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

CVSS 10, AI score 8.6, EPSS 0.00514
Exploits: 1, References: 1
RedhatCVE
added 2025/02/05 10:45 p.m., 10 views

CVE-2022-36976

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...

CVSS 9.8, AI score 7.4, EPSS 0.30906
Exploits: 0
RedhatCVE
added 2025/02/05 10:39 p.m., 18 views

CVE-2022-36975

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can...

CVSS 9.8, AI score 7.4, EPSS 0.30906
Exploits: 0
RedhatCVE
added 2025/02/05 10:38 p.m., 8 views

CVE-2022-36979

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 9.8, AI score 7.4, EPSS 0.30906
Exploits: 0