CVE-2026-41697
CVE-2026-41697 affects Spring Data Relational/JDBC/R2DBC across multiple versions (4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.4.0–2.4.19). The root cause is improper escaping of binding values for StringMatcher (STARTING, ENDING, CONTAINING)...
GHSA-VXGG-MQX2-3W59 Apache Polaris has an Improper Input Validation Issue
Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...
Improper Neutralization of Special Elements in Data Query Logic
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...
EUVD-2004-0928
Malware in sbrugna...
EUVD-2013-2072
Malware in sbrugna...
EUVD-2024-54835
Malicious code in bioql PyPI...
CVE-2024-42655
An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters...
PT-2025-31247 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.21.10. Description: An access control issue in NanoMQ version 0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters. Recommendations: At the moment,...
CVE-2025-52575 EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements
EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard...
GHSA-XGC2-Q928-27WV TYPO3 Sensitive Information Disclosure via escapeStrForLike method
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...
TYPO3 Sensitive Information Disclosure via escapeStrForLike method
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...
Regular Expression Denial Of Service (ReDoS)
hubot-help is vulnerable to regular expression denial of service (ReDoS). The attack is possible due to improper handling of user input for command name registration and regex with wildcard characters, triggering a backtracking behavior against the current set of commands registered and...
Information Disclosure
spring-data-jpa is vulnerable to information disclosure. A lack of validation and sanitization of wildcard characters when using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING allows a user to retrieve more results than expect...
Open Redirection
Cloudfoundry UAA is vulnerable to open redirection. The redirect URI is not properly validated to filter wildcard characters, allowing a remote unauthenticated user to enter a malicious URI to get a UAA access code...
Security Bulletin: Vulnerabilities in cURL component shipped with ClearCase (CVE-2014-0139)
Summary: An attacker could send a specially-crafted certificate to impersonate a server. Vulnerability Details: CVEID: CVE-2014-0139. Description: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by an error in the hostmatch function when validating certificates...
WU-FTPD File Globbing Denial Of Service - Ver2 (CVE-2005-0256)
A denial-of-service vulnerability has been reported in wu-ftpd. A remote attacker could trigger this vulnerability via a glob pattern with a large number of wildcard characters as demonstrated using the dir command. Successful exploitation of this vulnerability would allow a remote attacker to...
Design/Logic Flaw
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard...
PSF-2013-1 ssl.match_hostname() wildcard DoS
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard...