318 matches found
CVE-2025-30015
Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...
CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP
SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...
CVE-2024-10901
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...
CVE-2024-6841 CSRF in vanna-ai/vanna
A Cross-Site Request Forgery CSRF vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...
ROS-20250311-05
PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions are vulnerable to vulnerability libpq library of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...
CVE-2024-57653
An issue in the qstvecsetcopy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57664
An issue in the sqlggroupnode component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57653
An issue in the qstvecsetcopy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57660
An issue in the sqloexpandjts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57657
An issue in the sqlgvecupd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57637
An issue in the dfeunitgbdependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57641
An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57643
An issue in the boxdeserializestring component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57638
An issue in the dfebodycopy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57619
An issue in the atomgetint component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57651
CVE-2024-57651 affects the openlink Virtuoso Open-Source package (virtuoso-opensource) with vulnerable component jp_add in version 7.2.11 . The issue allows an attacker to cause a Denial of Service (DoS) by sending crafted SQL statements. Public advisories reference the same CVE across multiple s...
CVE-2024-57655
An issue in the dfeninorder component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57640
An issue in the dcaddint component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57657
An issue in the sqlgvecupd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2024-57651
An issue in the jpadd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...