Export limit exceeded: 19067 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19067 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27304 | 2 Jackc, Redhat | 3 Pgproto3, Pgx, Advanced Cluster Security | 2026-05-21 | 9.8 Critical |
| pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size. | ||||
| CVE-2026-41889 | 1 Jackc | 1 Pgx | 2026-05-21 | 9.8 Critical |
| pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a string literal, and the value of that placeholder is controllable by the attacker. This issue has been patched in version 5.9.2. | ||||
| CVE-2024-27289 | 2 Jackc, Redhat | 3 Pgx, Advanced Cluster Security, Openshift | 2026-05-21 | 8.1 High |
| pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder. | ||||
| CVE-2026-32687 | 1 Elixir-ecto | 1 Postgrex | 2026-05-21 | 7.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and 'Elixir.Postgrex.Notifications':unlisten/3 is interpolated directly into LISTEN "..." / UNLISTEN "..." SQL statements without escaping the " character. An attacker who can influence the channel name can inject a " to break out of the quoted identifier and append arbitrary SQL. Because the notifications connection uses the PostgreSQL simple query protocol, multi-statement payloads are accepted, allowing DDL and DML commands to be chained (e.g. ; DROP TABLE ...; --). The same unsanitized interpolation also occurs in handle_connect/1 when replaying LISTEN commands after a reconnect. This vulnerability is associated with program file lib/postgrex/notifications.ex and program routines 'Elixir.Postgrex.Notifications':listen/3, 'Elixir.Postgrex.Notifications':unlisten/3, 'Elixir.Postgrex.Notifications':handle_connect/1. This issue affects postgrex: from 0.16.0 before 0.22.2, from pkg:github/elixir-ecto/postgrex@266b530faf9bde094e31e0e4ab851f933fadc0f5 before 0.22.2. | ||||
| CVE-2026-44923 | 1 Veritas | 2 Infoscale, Infoscale Operations Manager | 2026-05-21 | 6.5 Medium |
| SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges. | ||||
| CVE-2023-3651 | 1 Digital-ant | 1 Digital Ant | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11. | ||||
| CVE-2023-3716 | 1 Oduyo | 1 Online Collection | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1. | ||||
| CVE-2023-3717 | 1 Farmakom | 1 Remote Administration Console | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02. | ||||
| CVE-2023-3898 | 1 Mayanets | 1 E-commerce | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. | ||||
| CVE-2023-4034 | 1 Digitatek | 1 Smartrise Document Management System | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0. | ||||
| CVE-2023-4231 | 1 Cevik | 1 Informatics Online Payment System | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09. | ||||
| CVE-2026-44047 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 8.8 High |
| An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service. | ||||
| CVE-2023-4530 | 1 Turnatasarim | 1 Advertising Administration Panel | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. | ||||
| CVE-2023-4531 | 1 Mestav | 1 E-commerce Software | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software: before 20230901 . | ||||
| CVE-2023-4541 | 1 Ween | 1 Management Panel | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4661 | 1 Adobe | 1 Connect | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-4674 | 1 Yaztekteknoloji | 1 E-commerce | 2026-05-21 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4670 | 1 Innosa Probbys Project | 1 Innosa Probbys | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2. | ||||
| CVE-2023-4671 | 1 Talentyazilim | 1 Ecop | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255. | ||||
| CVE-2023-4673 | 1 Sanalogi | 1 Turasistan | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911 . | ||||