CWE-943— Improper Neutralization of Special Elements in Data Query Logic
The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.— MITRE CWE catalog
53 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-943page 1 of 2
- CVE-2018-19952HIGHCVSS 7.5EG 7.52020-11-02
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
- CVE-2018-7829HIGHCVSS 8.8EG 8.82019-05-22
An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.
- CVE-2020-36195CRITICALCVSS 9.8EG 9.82021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed…
- CVE-2020-5257HIGHCVSS 7.7EG 7.72020-03-13
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were abl…
- CVE-2021-1349MEDIUMCVSS 6.5EG 6.52021-01-20
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insu…
- CVE-2021-1481MEDIUMCVSS 4.3EG 4.32024-11-15
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due …
- CVE-2021-34712MEDIUMCVSS 5.4EG 6.52021-09-23
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to ins…
- CVE-2022-36084CRITICALCVSS 9.9EG 9.92022-09-08
cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses `@flexSearchFulltext`…
- CVE-2024-28192MEDIUMCVSS 5.3EG 5.32024-03-13
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mec…
- CVE-2024-31882MEDIUMCVSS 5.3EG 5.32024-08-14
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an aut…
- CVE-2024-35136MEDIUMCVSS 5.3EG 5.32024-08-14
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.
- CVE-2024-4872CRITICALCVSS 9.9EG 9.92024-08-27
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an …
- CVE-2025-23292MEDIUMCVSS 4.6EG 4.62025-09-30
NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (…
- CVE-2025-24787HIGHCVSS 8.6EG 8.62025-02-06
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is runn…
- CVE-2025-33114MEDIUMCVSS 5.3EG 5.32025-07-29
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions.
- CVE-2025-36185MEDIUMCVSS 6.2EG 6.22025-11-07
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
- CVE-2025-36353MEDIUMCVSS 6.2EG 6.22026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
- CVE-2025-36366MEDIUMCVSS 6.5EG 6.52026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnorm…
- CVE-2025-36442MEDIUMCVSS 6.5EG 6.52026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns.
- CVE-2025-42884MEDIUMCVSS 6.5EG 6.52025-11-11
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclos…
- CVE-2026-0504LOWCVSS 3.8EG 3.82026-01-13
Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutraliz…
- CVE-2026-10698HIGHCVSS 7.2EG 7.22026-07-08
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 202…
- CVE-2026-22558HIGHCVSS 7.7EG 7.72026-03-19
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
- CVE-2026-25513HIGHCVSS 8.8EG 8.82026-02-04
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arb…
- CVE-2026-25514HIGHCVSS 8.8EG 8.82026-02-04
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attack…
- CVE-2026-27886HIGHCVSS 7.5EG 7.52026-05-14
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker cou…
- CVE-2026-33566MEDIUMCVSS 4.3EG 4.32026-04-27
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.
- CVE-2026-33980HIGHCVSS 8.3EG 8.32026-03-27
Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0…
- CVE-2026-34973MEDIUMCVSS 5.3EG 5.32026-04-02
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE cla…
- CVE-2026-40102MEDIUMCVSS 6.5EG 6.52026-05-20
Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without validation (unlike the regular AnalyticsEndp…
- CVE-2026-40141CRITICALCVSS 9.9EG 9.92026-07-06
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow…
- CVE-2026-40351CRITICALCVSS 9.8EG 9.82026-04-17
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator obj…
- CVE-2026-40352HIGHCVSS 8.8EG 8.82026-04-17
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operato…
- CVE-2026-41274CRITICALCVSS 9.8EG 9.82026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization…
- CVE-2026-41327CRITICALCVSS 9.1EG 9.12026-04-24
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default …
- CVE-2026-41328CRITICALCVSS 9.1EG 9.12026-04-24
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default …
- CVE-2026-41696MEDIUMCVSS 5.9EG 5.92026-06-10
Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expres…
- CVE-2026-41697MEDIUMCVSS 4.8EG 4.82026-06-10
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can supply wildcard characters to perform boole…
- CVE-2026-42156HIGHCVSS 7.1EG 7.12026-05-12
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher …
- CVE-2026-42316MEDIUMCVSS 6.5EG 6.52026-05-11
kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration…
- CVE-2026-44425MEDIUMCVSS 5.4EG 5.42026-05-13
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sort_by query parameter…
- CVE-2026-44840HIGHCVSS 7.5EG 7.52026-06-29
Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the `checkUserPassword` GraphQL query in Dgraph is vulnerable to DQL (Dgraph Query Language) injection. User-supplied password values are interpolated directly…
- CVE-2026-45688CRITICALCVSS 9.1EG 9.12026-06-24
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialT…
- CVE-2026-45689CRITICALCVSS 9.1EG 9.12026-06-24
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token f…
- CVE-2026-46591HIGHCVSS 8.2EG 8.22026-07-06
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchPr…
- CVE-2026-47181HIGHCVSS 8.7EG 8.72026-06-11
PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of an account, leading to full account tak…
- CVE-2026-47835HIGHCVSS 7.5EG 8.62026-06-15
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, sp…
- CVE-2026-49482MEDIUMCVSS 4.3EG 4.32026-06-12
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % charac…
- CVE-2026-53674HIGHCVSS 7.1EG 7.12026-06-10
BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names c…
- CVE-2026-54019MEDIUMCVSS 6.5EG 6.52026-06-17
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. …
Map vulnerabilities like CWE-943 to your infrastructure
EchelonGraph correlates every CVE — across CWE-943 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →