
68 matches found

Github Security Blog
added 2026/05/26 7:30 p.m. | 10 views

Pterodactyl has a database resource limit bypass via race condition in Client API

Summary: The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Details: Inside DatabaseController.php, the...

CVSS 2.3 | AI score 5.9 | EPSS 0.00038
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/05/21 12:0 a.m. | 7 views

PT-2026-42663

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production. In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST CONNECTION workflow for a Database Service and receive, in the...

CVSS 8.3 | AI score 5.8
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/21 12:0 a.m. | 6 views

PT-2026-42613

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production. In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST CONNECTION workflow for a Database Service and receive, in the...

CVSS 8.3 | AI score 5.8
Exploits: 0 | References: 3

Cvelist
added 2026/04/26 6:30 a.m. | 28 views

CVE-2026-7023 ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in SQL injection. The attack can be...

CVSS 6.5 | EPSS 0.00015
Exploits: 1 | References: 4

CNVD
added 2026/04/22 12:0 a.m. | 3 views

Oracle MySQL Server InnoDB Component Denial of Service Vulnerability (CNVD-2026-18430)

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in the InnoDB component of Oracle MySQL Server. The vulnerability stems from a flaw in the...

CVSS 4.9 | AI score 7.4 | EPSS 0.00043
Exploits: 0

CNNVD
added 2026/04/21 12:0 a.m. | 5 views

Oracle MySQL Server Security Vulnerability

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in the InnoDB component of Oracle MySQL Server. The vulnerability stems from a flaw in the...

CVSS 4.9 | AI score 7.2 | EPSS 0.00043
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/06 12:0 a.m. | 3 views

PT-2026-6799

Name of the Vulnerable Software and Affected Versions: Agentspace versions prior to December 12th, 2025. Description: The Agentspace service had a flaw that led to the exposure of sensitive information. This was due to the use of predictable Google Cloud Storage bucket names for error logs and...

CVSS 9.1 | AI score 5.5 | EPSS 0.00063
Exploits: 0 | References: 7

vulnersOsv
added 2026/01/08 9:46 p.m. | 1 views

aws-sg-cleanup (>=0.1.0 <=0.1.3), query-rds-data (>=2.0.0 <=2.0.1) potentially affected by unknown CVE via aws-sdk-rds (=0.15.0)

aws-sdk-rds CARGO version =0.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-rds and may be impacted: - aws-sg-cleanup =0.1.0, =2.0.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

AI score 5.8
Exploits: 0

OSV
added 2025/11/13 10:22 p.m. | 2 views

GHSA-7WQ2-32H4-9HC9 AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS)...

CVSS 8 | AI score 5.8 | EPSS 0.00229
Exploits: 0 | References: 4

Github Security Blog
added 2025/11/13 10:22 p.m. | 7 views

Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS)...

AI score 6.9
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/11/13 7:8 p.m. | 2 views

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers...

CVSS 8.6 | AI score 6.9 | EPSS 0.00229
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/10 6:9 p.m. | 1 views

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers...

CVSS 8.6 | AI score 6.5 | EPSS 0.00229
Exploits: 0 | References: 11

CNNVD
added 2025/11/01 12:0 a.m. | 3 views

IBM i Security Vulnerability

IBM i is a suite of operating systems from International Business Machines (IBM) running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.2, 7.3, 7.4, 7.5, and 7.6 that stems from an invalid authorization check for the IBM i SQL service, which could resu...

CVSS 8.8 | AI score 7.1 | EPSS 0.00045
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/15 9:54 a.m. | 2 views

CVE-2025-40765

A vulnerability has been identified in TeleControl Server Basic V3.1 All versions = V3.1.2.2 V3.1.2.3. The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform...

CVSS 9.8 | AI score 6.5 | EPSS 0.00123
Exploits: 0 | References: 1

Cvelist
added 2025/10/14 9:15 a.m. | 5 views

CVE-2025-40765

A vulnerability has been identified in TeleControl Server Basic V3.1 All versions = V3.1.2.2 V3.1.2.3. The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform...

CVSS 9.8 | EPSS 0.00123
Exploits: 0 | References: 1

EUVD
added 2025/10/14 9:15 a.m. | 1 views

EUVD-2025-34161

A vulnerability has been identified in TeleControl Server Basic V3.1 All versions = V3.1.2.2 V3.1.2.3. The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform...

CVSS 9.8 | AI score 6.1 | EPSS 0.00123
Exploits: 0 | References: 2

CVE
added 2025/10/14 9:15 a.m. | 10 views

CVE-2025-40765

CVE-2025-40765 affects Siemens TeleControl Server Basic, versions 3.1.2.2–3.1.2.3. The vulnerability is an information disclosure that could allow an unauthenticated remote attacker to obtain user password hashes and login to perform authenticated operations on the database service. The issue is ...

CVSS 9.8 | AI score 6.3 | EPSS 0.00123
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/10/14 12:0 a.m. | 2 views

PT-2025-41882

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions 3.1.2.2 through 3.1.2.3. Description: The application contains an information disclosure issue that could allow a remote attacker to obtain password hashes of users. This access could allow an attacker to log in...

CVSS 9.8 | AI score 6.2 | EPSS 0.00123
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-42440

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00059
Exploits: 0 | References: 1

CNNVD
added 2025/01/15 12:0 a.m. | 1 views

Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I Security Vulnerability

The Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I is an entry-level X-ray equipment electronic component from Smiths Detection, UK. A security vulnerability exists in the Smiths Detection HI-SCAN 6040i Hitrax HX-03-19-I, which stems from an issue in the AsDB service that allows an attacker to...

CVSS 7.5 | AI score 6.8 | EPSS 0.00277
Exploits: 0 | References: 1