CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

GHSA-P6X5-P4XF-CC4R Remote Code Execution (RCE) via String Literal Injection into math-codegen

Impact String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...

Remote Code Execution (RCE) via String Literal Injection into math-codegen

Impact String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

CVE-2026-33442 Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

Kysely SQL注入漏洞

Kysely is a type-safe TypeScript SQL query builder developed by Kysely. Versions of Kysely prior to 0.28.14 contained an SQL injection vulnerability. This vulnerability stemmed from the sanitizeStringLiteral method not escaping backslashes, which could lead to SQL injection attacks...

GHSA-8CPQ-38P9-67GX Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Summary Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an attacker can use a backslash to escape the trailing quote of a string...

SQL Injection

Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and quotes, which are not properly...

Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Summary The sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path...

SQL Injection

Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and single quotes, which are not...

PT-2026-26762

Name of the Vulnerable Software and Affected Versions Kysely versions prior to 0.28.14 Description Kysely's DefaultQueryCompiler.sanitizeStringLiteral function inadequately escapes backslashes when handling string literals. Specifically, it only doubles single quotes but does not address...

EUVD-2015-2293

Malware in sbrugna...

EUVD-2018-16667

Malware in sbrugna...

cJSON before 1.7.11 allows out-of-bounds access related to \x00 in a string literal.

...

[SECURITY] Fedora 40 Update: rust-sd-1.0.0-2.fc40

Intuitive find & replace CLI. Painless regular expressions sd uses regex syntax that you already know from JavaScript and Python. Forget about dealing with quirks of sed or awk - get productive immediately. String-literal mode Non-regex find & replace. No more backslashes or remembering which...

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

postgresql-server -- Memory disclosure in aggregate function calls

PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...

RUSTSEC-2022-0031 Panic due to improper UTF-8 indexing

When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi- byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...