CVE-2026-8200

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

CVE-2026-40834 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

EUVD-2026-32133

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

EUVD-2026-31315

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

EUVD-2026-29891

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

UBUNTU-CVE-2026-8200

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

CLSA-2026-1778107205 Fix CVE(s): CVE-2026-23918

SECURITY UPDATE: double free / possible RCE in modhttp2 stream purge - debian/patches/CVE-2026-23918.patch: deduplicate inserts into the spurge array in modules/http2/h2mplx.c via a new addforpurge helper to prevent the same h2stream from being freed twice. - CVE-2026-23918...

Oracle PeopleSoft Enterprise HCM Shared Components 安全漏洞

Oracle PeopleSoft Enterprise HCM Shared Components is a set of common component modules for human resources systems developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise HCM Shared Components contains a security vulnerability. This vulnerability stems from issues with the...

Oracle Utilities Applications security vulnerabilities

Oracle Utilities Applications is a technology platform for the utilities industry developed by Oracle, a company in the United States. Vulnerabilities exist in versions 4.4.0.3.0.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4, and 25.10 of the Oracle Utilities Application Framework. These...

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

Oracle Database Server 安全漏洞

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in Unified Audit versions 23.4 through 23.9 of Oracle Database Server...

U.S. Dept Of Defense: Critical PII Data Exposure in ORDER_ERROR_LOG

A critical security vulnerability was identified in the application's error logging system. The ORDERERRORLOG file contained complete database insertion statements that exposed personally identifiable information of customers in plain text format. The error handling mechanism was logging full SQL...

CVE-2021-35665

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion component: Repository. The supported version that is affected is 11.2.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting...

CVE-2023-52925

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044intervaloverlap0 Expected: 0-2 . 0-3, got: W: FAILED ./testcases/sets/0044intervaloverlap0: got 1 Insertion...

CVE-2024-21261

Vulnerability in Oracle Application Express component: General. Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle...

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted INSERT query...

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted INSERT query...

PT-2024-6370 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.5.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, a specially crafted...

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite E-Business Suite and Oracle Installed Base are both products of Oracle Corporation Oracle.Oracle E-Business Suite is a fully integrated global business management software. The software provides customer relationship management, service management, financial management and...