CVE-2025-41678

A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement...

VulnCheck KEV: CVE-2022-3481

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection...

BIT-MARIADB-MIN-2022-27383

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component mystrcasecmp8bit, which is exploited via specially crafted SQL statements...

CVE-2024-31880

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user...

CVE-2024-27315

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...

CVE-2024-31882

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614...

CVE-2024-31212

InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in indexchartdata action, which receive...

CVE-2024-57621

An issue in the GDKanalyticalcorrelation component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2024-57615

An issue in the BATcalcbetweenintern component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2023-38727

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257...

CVE-2023-40372

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499...

CVE-2023-38740

IBM Db2 for Linux, UNIX, and Windows includes Db2 Connect Server 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613...

CVE-2021-24360

The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users contributor+ to perform Blind SQL Injection attacks...

CVE-2021-24662

The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...

CVE-2010-4069

Stack-based buffer overflow in IBM Informix Dynamic Server IDS 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka...

BIT-SUPERSET-2023-40610 Apache Superset: Privilege escalation with default examples database

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

CVE-2024-32480

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resultin...

CVE-2024-45307

SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the -config command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is...

Virtuoso Open-Source Edition 安全漏洞

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which...

MonetDB 安全漏洞

MonetDB is an open source column-oriented relational database management system from MonetDB Open Source. A security vulnerability exists in MonetDB version v11.47.11 that stems from an issue contained in the trimchars component. An attacker exploiting this vulnerability could cause a denial of...