Fluffington
Products (2)
- Sqlfluff: 3 CVEs (pypi)
- 2 CVEs
Recent CVEs (5)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46374 | | High | 0.42 | 7.5 | 0.00 | | Jun 9, 2026 | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application… |
| CVE-2026-46373 | | High | 0.42 | 7.5 | 0.00 | | Jun 9, 2026 | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive… |
| CVE-2023-36830 | | | 0.00 | — | 0.00 | | Jul 6, 2023 | SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via… |
| CVE-2014-4530 | | | 0.00 | — | 0.01 | | Jan 10, 2020 | flog plugin 0.1 for WordPress has XSS |
| CVE-2006-0352 | | | 0.00 | — | 0.01 | | Jan 21, 2006 | The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that… |