VYPR

CWE-943

Improper Neutralization of Special Elements in Data Query Logic

Abstraction: Class; Status: Incomplete

Description

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-676

CVEs mapped to this weakness (42)

page 2 of 3
  • CVE-2026-40102 (Medium, May 20, 2026)
    risk 0.35, CVSS 6.5, EPSS 0.00

    Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without validation (unlike the regular AnalyticsEndpoint, which checks against an…

  • CVE-2026-42316 (Medium, May 11, 2026)
    risk 0.35, CVSS 6.5, EPSS 0.00

    kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format…

  • CVE-2026-34973 (Medium, Apr 2, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does…

  • CVE-2026-41697 (Medium, Jun 10, 2026)
    risk 0.31, CVSS 4.8, EPSS 0.00

    Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected…

  • CVE-2025-23292 (Medium, Sep 30, 2025)
    risk 0.30, CVSS 4.6, EPSS 0.00

    NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component).

  • CVE-2026-49482 (Medium, Jun 12, 2026)
    risk 0.28, CVSS 4.3, EPSS 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite…

  • CVE-2026-44425 (Medium, May 13, 2026)
    risk 0.28, CVSS 5.4, EPSS 0.00

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the name field of each filter property in the base64-encoded filter query parameter and the sort_by query parameter, which are then passed directly as…

  • CVE-2026-33566 (Medium, Apr 27, 2026)
    risk 0.28, CVSS 4.3, EPSS 0.00

    There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.

  • CVE-2026-0504 (Low, Jan 13, 2026)
    risk 0.25, CVSS 3.8, EPSS 0.00

    Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited…

  • CVE-2026-54019 (Jun 17, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    RAG ACL Bypass in Milvus Multitenancy Mode. Summary: This is a bypass of the fix for GHSA-h36f-rqpx-j5wx / CVE-2026-44560, "Unauthorized File and Knowledge Base Content Access via RAG Vector Search". Open WebUI added collection-level ACL checks, but the patch can still…

  • CVE-2026-48121 (Jun 12, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    Summary: A NoSQL injection vulnerability existed in `MongoDBSaver` where checkpoint identifier fields from `config.configurable` were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads (for example MongoDB…

  • CVE-2026-32248 (Mar 12, 2026)
    risk 0.00, CVSS n/a, EPSS 0.01

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the…

  • CVE-2026-32247 (Mar 12, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through…

  • CVE-2026-31825 (Mar 10, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy() without validation. An attacker can inject arbitrary DQL. The…

  • CVE-2026-29793 (Mar 10, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport…

  • CVE-2026-30941 (Mar 10, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset…

  • CVE-2026-25591 (Feb 24, 2026)
    risk 0.00, CVSS n/a, EPSS 0.01

    New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the `/api/token/search` endpoint allows authenticated users to cause denial of service…

  • CVE-2026-25513 (Feb 4, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort…

  • CVE-2026-25514 (Feb 4, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the…

  • CVE-2025-66169 (Jan 14, 2026)
    risk 0.00, CVSS n/a, EPSS 0.01

    Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0. Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS…