Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Piccolo-ormPiccolo

2 matches found

CVE
CVEadded 2023/09/12 9:15 p.m.53 views

CVE-2023-41885

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not al...

5.3CVSS5.2AI score0.0035EPSS
CVE
CVEadded 2023/11/10 6:15 p.m.37 views

CVE-2023-47128

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name pa...

9.1CVSS9.6AI score0.00228EPSS