15 matches found
EUVD-2025-22977
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-8264
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inje...
SQL Injection
z-push/z-push-dev is vulnerable to SQL Injection. The vulnerability is due to unparameterized queries in the IMAP backend’s basic authentication username field, which allows an attacker to inject malicious SQL commands to access, modify, or delete sensitive data from a linked third-party database...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
GHSA-W832-W3P8-CW29 z-push/z-push-dev SQL Injection Vulnerability
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
z-push/z-push-dev SQL Injection Vulnerability
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
UBUNTU-CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
CVE-2025-8264
CVE-2025-8264 affects z-push/z-push-dev prior to version 2.7.6 due to unparameterized queries in the IMAP backend, enabling SQL Injection via the username field in basic authentication. Impact stated as attacker could access and potentially modify or delete data in a linked third-party database. ...
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...
PT-2025-31175 · Z-Push +1 · Z-Push +1
Name of the Vulnerable Software and Affected Versions: z-push/z-push-dev versions prior to 2.7.6 Description: The software is vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic...
Z-Push 安全漏洞
Z-Push is an open source data synchronization software from Z-Hub. A security vulnerability exists in Z-Push versions prior to 2.7.6, which stems from an unparameterized query and could lead to a SQL injection attack...
SQL Injection
Overview z-push/z-push-dev is an open-source application to synchronize ActiveSync compatible devices Affected versions of this package are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field ...