CVE-2025-6943

Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...

CVE-2025-6943

Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...

CVE-2025-6943

Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...

CVE-2025-6943

Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...

CVE-2025-6943

The CVE-2025-6943 entry relates to Delinea Secret Server (Thycotic Secret Server) versions 11.7 and earlier. A SQL report creation vulnerability arises from insufficient validation of SQL report creation, enabling an administrator to access restricted tables. The impact is limited to local/admin ...

PT-2025-27646 · Thycotic · Thycotic Secret Server

Name of the Vulnerable Software and Affected Versions: Thycotic Secret Server versions 11.7 and earlier Description: The issue allows an administrator to gain access to restricted tables through a SQL report creation vulnerability. Recommendations: For Thycotic Secret Server versions 11.7 and...

CVE-2024-28850

WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...

CVE-2024-4995

Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...

CVE-2024-57632

An issue in the iscolumnunique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2024-57624

An issue in the expatom component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2024-57633

An issue in the expsbindcolumn component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2023-22071

Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utlhttp privilege with network access via Oracle Net to...

CVE-2023-32672

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability...

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVE-2022-44378

Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=deletemechanic...

CVE-2020-14762

Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application...

CVE-2013-0678

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query...

CVE-2025-30015

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...

CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

CVE-2024-10901

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...