8 matches found
EUVD-2025-26417
Malicious code in bioql PyPI...
SQL Injection
Overview tirreno/tirreno is an open-source security analytics platform Affected versions of this package are vulnerable to SQL Injection via the columns0data parameter in the /admin/loadUsers API endpoint. An attacker can execute arbitrary SQL commands by supplying crafted input that is directly...
CVE-2025-55472
SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...
CVE-2025-55472
SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...
CVE-2025-55472
Tirreno v0.9.5 contains a SQL Injection vulnerability in the /admin/loadUsers API endpoint due to unsafe handling of the columns[0][data] input, which is directly used in SQL queries without proper validation or parameterization. The issue could allow arbitrary SQL execution, with the current sou...
Tirreno 安全漏洞
tirreno is a security analyzer from tirreno open source. A security vulnerability exists in Tirreno version v0.9.5, which stems from improper handling of the columns0data parameter and could lead to an SQL injection attack...
CVE-2025-55472
SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...
CVE-2025-55472
SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...