633 matches found
CVE-2026-15043
CVE-2026-15043 affects DBI::SQL::Nano (versions 1.42–1.650.x) for Perl. In the non-numeric string branch of is_matched, the = with Perl's le, causing inverted = comparisons in WHERE predicates. This occurs in the fallback SQL engine used by DBI's file-backed drivers (e.g., DBD::File, DBD::DBM, CS...
EUVD-2026-43654
DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...
NocoBase - SQL Injection
NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...
Mongoose - NoSQL Injection
NoSQL injection vulnerability in Mongoose 8.9.5 affecting the populate function's match option. This vulnerability exists due to an incomplete fix for CVE-2024-53900. While direct $where injection is blocked, attackers can bypass this protection by nesting $where operators within logical operator...
CVE-2026-54698
Hasura CVE-2026-54698 describes a row-level authorization bypass on table computed fields. Before versions 2.49.2 and 2.45.5, a user could use a where clause on a table computed field (returning SETOF some_table) to infer rows that should be filtered for their role according to some_table’s row-l...
CVE-2026-54698
Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field returning SETOF sometable to infer row values that ought to be filtered for their role based on sometable's row-level permissions. While...
CVE-2026-54698 Hasura: Row-level authorization bypass on table computed fields
Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field returning SETOF sometable to infer row values that ought to be filtered for their role based on sometable's row-level permissions. While...
CVE-2026-54698 Hasura: Row-level authorization bypass on table computed fields
Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field returning SETOF sometable to infer row values that ought to be filtered for their role based on sometable's row-level permissions. While...
PT-2026-56262
Name of the Vulnerable Software and Affected Versions Hasura versions prior to 2.49.2 Hasura versions prior to 2.45.5 Description A flaw exists where a user can employ a where clause on a table computed field that returns SETOF some table to infer row values. This occurs even when those rows shou...
EUVD-2026-40295
DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...
PT-2026-53847
Name of the Vulnerable Software and Affected Versions DBIx::QuickORM versions prior to 0.000026 Description An issue exists where SQL identifiers are emitted verbatim into generated queries without proper quoting or escaping. This occurs because the default SQL builder, a SQL::Abstract subclass,...
PT-2026-53269
Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.4.20 Description An issue exists in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data. By injecting UNION SELECT payloads into the PARAM 0 POST paramete...
MongoDB 4.4.x < 4.4.31 / 5.0.x < 5.0.34 / 6.0.x < 6.0.29 / 7.0.x < 7.0.37 / 8.0.x < 8.0.26 / 8.2.x < 8.2.11 / 8.3.x < 8.3.4 Use-After-Free (CVE-2026-11933)
The version of MongoDB installed on the remote host is 4.4.x prior to 4.4.31, 5.0.x prior to 5.0.34, 6.0.x prior to 6.0.29, 7.0.x prior to 7.0.37, 8.0.x prior to 8.0.26, 8.2.x prior to 8.2.11, or 8.3.x prior to 8.3.4. It is, therefore, affected by a use-after-free vulnerability: - A use-after-fre...
EUVD-2026-36373
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
Exploit for Write-what-where Condition in Linux Linux_Kernel
DirtyFrag CVE-2026-43284 PoC Validation and auditd Detection...
Exploit for Write-what-where Condition in Linux Linux_Kernel
No d...
Exploit for Write-what-where Condition in Linux Linux_Kernel
Local privilege escalation / Container escape: CVE-2026-43284 /...
Exploit for Write-what-where Condition in Linux Linux_Kernel
CVE-2...
CVE-2026-7797
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...