CVE-2026-25600

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

CVE-2026-41490

CVE-2026-41490 affects Dagster’s dynamic partition keys in I/O managers (DuckDB, Snowflake, BigQuery, DeltaLake). Prior to Dagster Core 1.13.1 and Dagster libraries 0.29.1, SQL WHERE clauses were built by interpolating partition key values without escaping, allowing a user with Add Dynamic Partit...

📄 Microsoft SQL Server 2022 / 2025 Privilege Escalation

Microsoft SQL Server versions 2022 and 2025 suffer from a privilege escalation vulnerability via the MSDatabaseManager role. Title: Microsoft SQL Server Privilege Elevation Through MSDatabaseManager Role CVE-2025-24999 Product: Database Manufacturer: Microsoft Affected Versions: SQL Server...

(Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the qvpndbmgr module...

CVE-2026-25137

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

CVE-2026-25137

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

CVE-2026-25137

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

CVE-2026-25137 NixOs Odoo database and filestore publicly accessible with default odoo configuration

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

CVE-2026-25137 NixOs Odoo database and filestore publicly accessible with default odoo configuration

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

PT-2026-5726

Name of the Vulnerable Software and Affected Versions Odoo versions 21.11 through 25.10 Odoo versions 26.05 Description The NixOS Odoo package, an open source ERP and CRM system, exposes the database manager without authentication. This allows unauthorized actors to delete and download the entire...

CVE-2025-13409

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-13409

CVE-2025-13409 concerns the WordPress plugin Form Vibes – Database Manager for Forms . The Wordfence report confirms an SQL Injection via the params parameter in all versions up to and including 1.4.13 due to insufficient escaping and lack of proper query preparation. It requires authenticated Ad...

PT-2026-1399

Name of the Vulnerable Software and Affected Versions Form Vibes – Database Manager for Forms plugin for WordPress versions up to and including 1.4.13 Description The software contains a SQL Injection issue due to insufficient escaping of user-supplied input and inadequate preparation of existing...

WordPress plugin Form Vibes – Database Manager for Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.13 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin Form Vibes – Database Manager for Forms versions = 1.4.13...

EUVD-1999-1409

Malware in sbrugna...

EUVD-2003-0935

Malware in sbrugna...

EUVD-2019-11474

Malware in sbrugna...

EUVD-2025-10733

Malicious code in bioql PyPI...

CVE-2019-25021

An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code...