156 matches found
CVE-2026-10105
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata method. Attackers can exploit the unsafe f-string interpolation in...
agno SQL injection vulnerability
Agno is an open-source full-stack framework developed by Agno for building multi-agent systems with memory, knowledge, and reasoning capabilities. Version 2.6.5 of Agno contains a SQL injection vulnerability. This vulnerability stems from SQL injections in the ClickHouse vector database backend,...
WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WC Place Order Without Payment versions <= 2.6.5...
CVE-2026-27460
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability existed in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...
CVE-2026-27460
The vulnerability (CVE-2026-27460) affects Tandoor Recipes prior to version 2.6.5, in the recipe import functionality. An authenticated user can trigger a Denial of Service by uploading a large ZIP file (ZIP bomb), causing server crash or significant performance degradation. Impact is availabilit...
CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability existed in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
Skuul school management system code injection vulnerability
Skuul school management system is a school management system by the individual developer Marvellous Ifezue. A code injection vulnerability exists in Skuul School Management System version 2.6.5 and earlier, which stems from improper handling of SVG files in the file /dashboard/schools/1/edit, whi...
PT-2025-48387
Name of the Vulnerable Software and Affected Versions: yungifez Skuul School Management System versions up to 2.6.5. Description: A security issue exists in yungifez Skuul School Management System. The problem relates to the processing of the file /user/profile within the Image Handler component,...
@asyncapi/cli (>=3.1.0 <=4.1.1), @asyncapi/html-template (>=3.2.0 <=3.5.0) +18 more potentially affected by unknown CVE via @asyncapi/react-component (>=2.0.0 <=2.6.5)
@asyncapi/react-component NPM version =2.0.0, =3.1.0, =3.2.0, =0.24.0, =2.0.4, =0.0.0-nightly-20241023023252, =0.2.1, =2.6.0, =1.0.2, =1.0.0, =0.0.2-dev-0b744dd, =2.0.0, =0.0.2-test, =0.0.0-cache-perf-20240625144418, =1.16.0-next.4 - @rlawton/kuadrant-backstage-plugin-frontend =0.0.2 and more...
@vex-chat/spire (>=1.0.0 <=1.10.3) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)
@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: - @vex-chat/spire >=1.0.0, <=1.10.3. Source cves: unknown CVE. Source advisory: SNYK:JS-ASYNCAPIWEBCOMPONENT-14103281...
@vex-chat/spire (>=1.0.0 <=1.10.3) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)
@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: - @vex-chat/spire >=1.0.0, <=1.10.3. Source cves: unknown CVE. Source advisory: OSV:MAL-2025-190721...
GHSA-7XW4-G7MM-R4HH Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS)...
Milvus Proxy has a Critical Authentication Bypass Vulnerability
Impact: An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modif...
CVE-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513
CVE-2025-64513 describes a critical authentication bypass in the Milvus Proxy component of Milvus. An unauthenticated attacker can bypass all authentication, gaining full administrative access to the Milvus cluster, with read/modify/delete of data and privileged operations such as database or col...
PT-2025-46212
Name of the Vulnerable Software and Affected Versions: Milvus versions prior to 2.4.24; Milvus versions 2.5.0 through 2.5.20; Milvus versions 2.6.0 through 2.6.4. Description: An unauthenticated attacker can bypass authentication mechanisms in the Milvus Proxy component, gaining full administrative...
milvus authorization issue vulnerability
milvus is a high-performance cloud-native vector database open-sourced by The Milvus Project. An authorization issue vulnerability exists in Milvus versions prior to 2.4.24, prior to 2.5.21, and prior to 2.6.5, which stems from an authentication mechanism bypass issue in the Milvus Proxy componen...
EUVD-2025-38446
A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...