1492 matches found
CVE-2025-46614
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...
CVE-2025-46614
The CVE-2025-46614 issue affects the Snowflake ODBC Driver prior to 3.7.0, where certain code paths log the entire SQL query at INFO level, enabling potential exposure of sensitive information. This vulnerability has a low base score (CVSS 3.1: 3.3) with LOCAL, LOW impact on confidentiality and n...
The vulnerability of the UpdateConnectionVariableArchivingBuffering method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the UpdateConnectionVariableArchivingBuffering method in software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious act...
Exploit for CVE-2024-42327
🛡️ Zabbix 7.0.0 SQL Injection Exploit Script A Python script...
The vulnerability of the graphical interface of the Fortinet FortiPortal security analysis and management tool allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Fortinet FortiPortal graphical interface for security analysis and management lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information by...
SAP NetWeaver AS ABAP Authorization Bypass (3565944)
The remote SAP NetWeaver ABAP server may be affected by an authorization bypass vulnerability. Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries...
CVE-2025-30015
Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...
CVE-2025-30015 Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...
ROS-20250403-03
A vulnerability in the SQLite hints and ETRN serialization functions of the Exim mail server is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sendi...
The vulnerability of the sqlgvec_upd component in the Virtuoso-OpenSource web application development platform allows an attacker to cause a service failure.
The vulnerability of the sqlgvecupd component in the Virtuoso-OpenSource web application development platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to cause service interruptions remotely...
DB-GPT Arbitrary File Write vulnerability
In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...
The vulnerability of the VMmanager 6 virtualization tool, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of VMmanager 6’s virtualization mechanism is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
ROS-20250311-02
A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...
ROS-20250311-03
A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...
ROS-20250311-08
A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...
ROS-20250311-07
A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...
ROS-20250311-04
A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...
ROS-20250311-06
A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...
CVE-2025-1768
CVE-2025-1768 affects the SEO Plugin by Squirrly SEO for WordPress. The vulnerability is a blind SQL Injection in the plugin’s search parameter, exploitable on all versions up to 12.4.05 due to insufficient escaping of user input and inadequate preparation of the SQL query. With Subscriber-level ...
DIAEnergie 1.10 SQL Injection
DIAEnergie version 1.10 proof of concept remote SQL injection exploit. Title: DIAEnergie 1.10 PHP Code Injection Vulnerability | Author: indoushka | ...