1185 matches found

EUVD
added yesterday, 5 views

EUVD-2025-210317

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 2

EUVD
added yesterday, 5 views

EUVD-2025-210321

An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

5.9 AI score
Exploits: 0, References: 2

EUVD
added yesterday, 4 views

EUVD-2025-210320

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

5.9 AI score
Exploits: 0, References: 2

NVD
added yesterday, 2 views

CVE-2025-61021

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

Exploits: 0, References: 1

CVE
added yesterday, 4 views

CVE-2025-61018

CVE-2025-61018 affects OpenLink Virtuoso Open-Source v7.2.11, specifically the sqlo_place_dt_set component. The issue allows attackers to cause a Denial of Service via crafted SQL statements. The connected documents confirm the affected product/version and the DoS impact, but do not provide explo...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 1

Cvelist
added yesterday, 11 views

CVE-2025-61022

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

Exploits: 0, References: 1

NVD
added 2026/04/14 12:16 a.m., 4 views

CVE-2026-27681

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

9.9 CVSS, 0.00501 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/14 12:8 a.m., 1 view

CVE-2026-27681

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

9.9 CVSS, 5.9 AI score, 0.00501 EPSS
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32560

Name of the Vulnerable Software and Affected Versions: SAP Business Planning and Consolidation (affected versions not specified); SAP Business Warehouse (affected versions not specified). Description: Insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse...

9.9 CVSS, 6.3 AI score, 0.00501 EPSS
Exploits: 0, References: 20

Vulnrichment
added 2026/04/02 1:48 p.m., 1 view

CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database) that accepts a JSON array of SQL statements via PO...

8.8 CVSS, 6.2 AI score, 0.00668 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2026/03/26 3:2 p.m., 1 view

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

8.8 CVSS, 6.2 AI score, 0.00878 EPSS
Exploits: 1, References: 1

CNNVD
added 2026/03/03 12:0 a.m., 5 views

MCP MariaDB Server Security Vulnerability

MCP MariaDB Server is a server implementation of the MariaDB open-source large language model context protocol. Versions of MCP MariaDB Server 11.8.5 and earlier contain security vulnerabilities. These vulnerabilities arise when the server audit plugin is enabled and specific filtering events are...

5.3 CVSS, 7.1 AI score, 0.00274 EPSS
Exploits: 1, References: 2

Veracode
added 2026/02/28 5:14 a.m., 5 views

Input Validation Bypass

Apache Superset is vulnerable to Input Validation Bypass. Specially crafted SQL statements can bypass the read-only verification check when using a PostgreSQL database connection, and attackers can exploit this to execute unauthorized actions...

7.1 CVSS, 5.7 AI score, 0.00348 EPSS
Exploits: 0, References: 3, Affected Software: 1

Snyk
added 2026/01/12 11:55 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the customquery function. An attacker can cause excessive CPU or memory consumption by submitting crafted prompts that...

8.7 CVSS, 7.6 AI score, 0.00568 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2026/01/09 12:39 p.m., 4 views

CVE-2023-43192

SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statemen...

8.8 CVSS, 8 AI score, 0.00731 EPSS
Exploits: 1, References: 1

CNVD
added 2025/12/30 12:0 a.m., 4 views

WordPress Brands for WooCommerce Plugin SQL Injection Vulnerability

WordPress Brands for WooCommerce Plugin is a category of plugins for WordPress websites that specialize in helping WooCommerce online stores manage product brands. WordPress Brands for WooCommerce Plugin suffers from a SQL injection vulnerability that stems from the application's lack of validati...

9.8 CVSS, 8.1 AI score, 0.00219 EPSS
Exploits: 0, References: 1

CNVD
added 2025/11/11 12:0 a.m., 3 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31061)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter...

8.8 CVSS, 8.1 AI score, 0.00414 EPSS
Exploits: 0, References: 1

CNVD
added 2025/10/15 12:0 a.m., 3 views

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by Weilian QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices, with functions similar to Google Drive, Dropbox and other cloud storage services, but with the data stored in the...

8.8 CVSS, 7.8 AI score, 0.00385 EPSS
Exploits: 0, References: 1

CNVD
added 2025/10/13 12:0 a.m., 4 views

Beauty Parlour Management System manage-services.php File SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/manage-services.php. An attacker can...

9.8 CVSS, 8.3 AI score, 0.00431 EPSS
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-17160

Malware in sbrugna...

7.2 CVSS, 7 AI score, 0.01052 EPSS
Exploits: 0, References: 2