CVE-2026-42810

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

CVE-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

EUVD-2018-21949

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

CVE-2018-25428

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2018-25425

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

CVE-2018-25411

CVE-2018-25411 affects MGB OpenSource Guestbook 0.7.0.2. The vulnerability is an SQL injection in the email.php endpoint vulnerable to crafted payloads via the id parameter, allowing unauthenticated attackers to execute arbitrary SQL and potentially enumerate database tables and columns. The issu...

PT-2026-45125

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in tables.php—tablename, indexname, and sortby—which were...

PT-2026-41863

The additional tables configuration of the page and tt content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...

TYPO3 Extension Faceted Search 安全漏洞

TYPO3 Extension Faceted Search is an open-source extension for TYPO3 that enables faceted searching. There is a security vulnerability in TYPO3 Extension Faceted Search. This vulnerability stems from the additionaltables configuration in the page and ttcontent indexers, which allows arbitrary tab...

CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

CVE-2026-5395

The Fluent Forms plugin for WordPress (Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder) is affected by CVE-2026-5395, with vulnerable versions all the way through 6.2.0. The root cause is an Insecure Direct Object Reference in the exportEntries function caus...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the SimplePdo::insert, SimplePdo::update, and SimplePdo::delete functions. An attacker can execute arbitrary SQL commands by supplying crafted array keys or table names that are directly concatenated into SQL statement...

Apache Polaris has an Improper Input Validation Issue

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

Improper Encoding or Escaping of Output

Overview org.apache.polaris:polaris-core is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this package are...

CVE-2026-42810

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

CVE-2026-42810 Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...