Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-46373

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:16 p.m.14 views

CVE-2026-46374

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:16 p.m.6 views

PYSEC-2026-209

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:16 p.m.6 views

DEBIAN-CVE-2026-46374

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:16 p.m.3 views

UBUNTU-CVE-2026-46374

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:40 p.m.45 views

CVE-2026-46374 SQLFluff: Uncontrolled Resource Consumption in Parser

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:38 p.m.34 views

CVE-2026-46373

Affected software: SQLFluff (SQL linter/formatter) with parsers for multiple dialects. Vulnerability: In versions before 4.1.0, an untrusted user can submit deeply nested SQL queries that trigger a Denial of Service through resource exhaustion when parsed. Root cause: recursive/stack-based parsin...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/19 8:10 p.m.10 views

GHSA-WMHF-FQC8-VXHH SQLFluff: Recursive Stack Overflow in Parser

Impact In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. Patches Versions 4.1.0 and up contain ...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4
NVD
NVD
added 2026/04/13 6:16 p.m.5 views

CVE-2026-32316

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

8.2CVSS0.00484EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/04/13 6:16 p.m.7 views

CVE-2026-32316

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

8.2CVSS6AI score0.00484EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/13 5:49 p.m.3 views

EUVD-2026-22039

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

8.2CVSS6.1AI score0.00484EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32491

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description An integer overflow occurs within the jvp string append and jvp string copy replace bad functions when concatenating strings with a combined length exceeding 2^31 bytes. This leads to a 32-bit unsigned...

8.5CVSS5.8AI score0.00559EPSS
Exploits4References44
Rows per page
Query Builder