3 matches found
CVE-2025-27018
CVE-2025-27018 describes an SQL injection vulnerability in the Apache Airflow MySQL Provider (before 6.2.0) caused by improper neutralization of special elements in SQL commands. When a user triggers a DAG using the dump_sql or load_sql functions, a UI-passed table parameter could be crafted to e...
CVE-2025-27018 Apache Airflow MySQL Provider: SQL injection in MySQL provider core function
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dumpsql or loadsql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not...
PT-2024-16882 · WordPress · Woocommerce Point Of Sale
Name of the Vulnerable Software and Affected Versions: WooCommerce Point of Sale plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is due to insufficient validation on the logged in user id value when option values are empty, allowing attackers to change the email o...