2 matches found
CVE-2026-29953
CVE-2026-29953 corresponds to a SQL Injection vulnerability in SchemaHero 0.23.0. The issue is triggered via the column parameter to the columnAsInsert function in plugins/postgres/lib/column.go. The vulnerability is evidenced across multiple feeds (Red Hat, CIRCL, NVD, CVE records) with consiste...
CVE-2026-33643
CVE-2026-33643 affects SchemaHero 0.23.0 with a SQL Injection flaw in the MySQL plugin path: the column.go processing in plugins/mysql/lib/column.go improperly handles the column parameter, allowing malicious input to alter table schema. Connected sources also describe similar risks in the Postgr...