18 matches found
CVE-2026-40887
Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression...
EUVD-2026-28594
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...
CVE-2026-40887 @vendure/core has a SQL Injection vulnerability
Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression...
GHSA-9PP3-53P2-WW9V @vendure/core has a SQL Injection vulnerability
Summary An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression without parameterization or validation, allowing an attacker to execute arbitrary SQL against the database. This affec...
PT-2026-33235
Name of the Vulnerable Software and Affected Versions @vendure/core versions prior to 2.3.4 @vendure/core versions 3.0.0 through 3.5.6 @vendure/core versions 3.6.0 through 3.6.1 Description An unauthenticated SQL injection exists in the Shop API and an authenticated SQL injection exists in the...
GHSA-5FW2-8JCV-XH87 Parse Server: Account takeover via operator injection in authentication data identifier
Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier e.g. anonymous authentication. By sending a crafted login request, the attacker can cause the server to perform a...
GHSA-R2M8-PXM9-9C4G Parse Server has a protected fields bypass via dot-notation in query and sort
Impact The protectedFields class-level permission CLP can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This...
[SECURITY] Fedora 43 Update: migrate-4.19.0-1.fc43
Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...
UBUNTU-CVE-2021-29625
Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...
Fedora Update for gallery2 FEDORA-2007-4778
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2007-4778 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gallery2 FEDORA-2007-4777
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2007-4777 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gallery2 FEDORA-2008-5576
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2008-5576 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gallery2 FEDORA-2008-11218
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2008-11218 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gallery2 FEDORA-2008-11258
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2008-11258 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gallery2 FEDORA-2008-11230
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2008-11230 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 8 Update: gallery2-2.3-1.fc8
The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...
[SECURITY] Fedora 9 Update: dbmail-2.2.9-1.fc9
Dbmail is the name of a group of programs that enable the possiblilty of storing and retrieving mail messages from a database. Currently dbmail supports the following database backends: MySQL PostgreSQL SQLite Please see /usr/share/doc/dbmail-/README.fedora for specific information on installatio...
[SECURITY] Fedora 7 Update: gallery2-2.2-0.7.svn20070831.fc7
The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...