CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

PT-2026-48300

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

CVE-2026-42097

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

EUVD-2026-30931

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

CVE-2026-42097

Sparx products show multiple CVEs with concrete details across Pro Cloud Server and Enterprise Architect. CVE-2026-42097 describes an authentication bypass: a request can omit the model parameter and embed the model name in a POST blob, enabling SQL query execution without authentication. CVE-202...

CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

CVE-2026-43937

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...

PT-2026-38087

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create postgres query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search...

CVE-2026-5394

An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3...

EUVD-2026-23368

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product...

Unspecified Vulnerability in HCL AION (CNVD-2026-15147)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a lack of validation or restriction on SQL query execution, which can be exploited by an attacker to cause unexpected database interactions or information leakage...

CVE-2025-58112

Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl Report Definition Language file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...

PT-2026-24168

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.1 Description Glances, a cross-platform system monitoring tool, contains a flaw in its TimescaleDB export module. The module builds SQL queries by concatenating strings with unverified system monitoring data. The...

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure in the query execution layer. An attacker can obtain internal database error details, including error...

PT-2026-23007

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.0 Description The /api/query/sql endpoint allows users to execute SQL queries directly on the database. However, it only verifies basic authentication and does not check for administrative privileges. This allows a...

CVE-2026-24324

SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...

CVE-2026-24324

SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...

SAP BusinessObjects Business Intelligence Platform 安全漏洞

The SAP BusinessObjects Business Intelligence Platform is a comprehensive business analytics platform developed by the German company SAP. This platform integrates market-leading SAP data integration products, data management products, and business intelligence BI solutions. It eliminates...

Johnson Controls Metasys Products

RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...