233701 matches found
CVE-2026-29080
CVE-2026-29080 describes an SQL injection in Rucio’s FilterEngine for Oracle JSON Path via the DID search API. In Oracle deployments using the default json_meta plugin, create_sqla_query() interpolates attacker-controlled key and value directly into sqlalchemy.text() via Python .format(), bypassi...
CVE-2026-29080
A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...
GHSA-6J7P-QJHG-9947 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API
Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...
Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API
Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...
SQL Injection
Overview rucio is a Rucio Package Affected versions of this package are vulnerable to SQL Injection via the createpostgresquery function when attacker-controlled filter keys and values are interpolated directly into raw SQL statements through the DID search endpoint. An attacker can execute...
GHSA-VJR5-C9QV-HGM3 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API
Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...
SQL Injection
Overview rucio is a Rucio Package Affected versions of this package are vulnerable to SQL Injection in the createsqlaquery function when processing filter keys and values in Oracle database backends using the default jsonmeta metadata plugin configuration. An attacker can execute arbitrary SQL...
CVE-2026-3359
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: steampipe, openfga, kine, temporal, spire-server, falcosidekick, openbao, kuma, sftpgo, gitlab-kas, grafana, cloudnative-pg, pgtimetable, kubeflow-pipelines, caddy, certificate-transparency, cloudprober, teleport, sftpgo-plugin-eventsearch, bento, rke2-cloud-provider...
EUVD-2026-27548
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
mssql_timebased_SQLI
No d...
CVE-2026-1719
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
CVE-2026-1719 Gravity Bookings <= 2.5.9 - Unauthenticated SQL Injection via 'category_id' Parameter
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
CVE-2026-1719
CVE-2026-1719 concerns the Gravity Bookings Premium WordPress plugin. Affected: Gravity Bookings Premium plugin for WordPress (versions up to and including 2.5.9). Issue: SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of the existing SQL query, enabli...
CVE-2026-1719
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
CVE-2026-1719 Gravity Bookings <= 2.5.9 - Unauthenticated SQL Injection via 'category_id' Parameter
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
Exploit for CVE-2026-33324
CVE-2026-33324 Overview SQLBot, a sophisticated Text-to-S...
Exploit for SQL Injection in Progress Moveit_Cloud
CVE-2023-34362 MOVEit Transfer Vulnerability Analysis Proj...
PT-2026-37435
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
Linux Distros Unpatched Vulnerability : CVE-2026-44331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject...