233820 matches found
CVE-2025-36122
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...
CVE-2025-36122 IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...
EUVD-2025-209601
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...
CVE-2025-36122
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...
CVE-2025-36122
CVE-2025-36122 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.3 for Linux, UNIX and Windows (including DB2 Connect Server). An authenticated user can cause a denial of service via a specially crafted SQL query due to improper allocation of system resources when stmtheap is set to AUTOMATIC. CVSS v...
CVE-2025-36122 IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...
CVE-2026-7435
SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...
CVE-2026-7435
SSCMS v7.4.0 is affected by a SQL injection in the stl:sqlContent tag, where the queryString is passed directly to database execution without parameterization or sanitization. Attackers can submit encrypted payloads to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, lea...
CVE-2026-7435 SSCMS v7.4.0 SQL Injection via stl:sqlContent queryString
SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to SQL Injection vulnerability in Dashboard UI (CVE-2025-36368)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed SQL Injection vulnerability Vulnerability Details CVEID:CVE-2025-36368 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to SQL injection. An administrative user could send special...
Incorrect Authorization
Overview ckan is a world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu but also regional, research and community organizations. It makes easy to publish, share and find data online a...
GHSA-CG4X-64P3-X59H CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
Impact A vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...
WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.8.1...
SUSE CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
CVE-2026-7447
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...
EUVD-2026-26303
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...
CVE-2026-7447
SourceCodester Pet Grooming Management Software 1.0 contains a SQL injection in /admin/update_customer.php due to improper validation of parameter types/length/business rules. The flaw is exploitable remotely, with the exploit reportedly published. Affected software/component: SourceCodester Pet ...
CVE-2026-7447
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...
PT-2026-36031
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...
PT-2026-36817
Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description An issue in the datastore search sql function allows attackers to bypass authorization. This can lead to unauthorized access to private resources and PostgreSQL system...