CVE-2026-6978

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

Command Injection

sqls-server/sqls is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the EDITOR environment variable and config file path in the openEditor function, which allows an attacker to execute arbitrary commands through crafted input passed to sh -c...

SUSE CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

GO-2025-4088 sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls

sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls...

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

GHSA-F9F4-5859-29MF sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

sqls 安全漏洞

sqls is the sqls-server open source a SQL language server written in Go. A security vulnerability exists in sqls version 0.2.28, which stems from the openEditor function not cleaning up the EDITOR environment variable and configuration file path, which could lead to a command injection attack...

CVE-2025-61141

The CVE-2025-61141 entry concerns sqls-server/sqls version 0.2.28, which is vulnerable to command injection in the config command. The root cause is that openEditor passes the EDITOR environment variable and the config file path to sh -c without sanitization, enabling an attacker to execute arbit...

Large filter subscriptions can crash a JIRA instance with an OutOfMemoryError

h3. Summary JIRA has no 'rate limiting' or mail limit on filter subscriptions. This means using certain configurations will allow for a significant amount of mail to be created. As this mail is persisted in memory, it's possible to cause OutOfMemoryError's, even with a significant amount of heap...

Large filter subscriptions can crash a JIRA instance with an OutOfMemoryError

h3. Summary JIRA has no 'rate limiting' or mail limit on filter subscriptions. This means using certain configurations will allow for a significant amount of mail to be created. As this mail is persisted in memory, it's possible to cause OutOfMemoryError's, even with a significant amount of heap...

Large filter subscriptions can crash a JIRA instance with an OutOfMemoryError

h3. Summary JIRA has no 'rate limiting' or mail limit on filter subscriptions. This means using certain configurations will allow for a significant amount of mail to be created. As this mail is persisted in memory, it's possible to cause OutOfMemoryError's, even with a significant amount of heap...