4 matches found
BIT-NIFI-2026-44913 Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL
Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not...
SQL Injection
Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the idanagrafica parameter in the init.php file. An attacker can extract sensitive database information, including...
OESA-2025-1969 xmlunit security update
Security Fixes: A vulnerability was found in xmlunit-core. It has been declared as problematic.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 2.10.0 eliminates this vulnerability.CVE-2024-31573...
DEBIAN-CVE-2024-28168
Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...