CVE-2026-47375 NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...

EUVD-2024-54494

Malicious code in bioql PyPI...

CVE-2024-51444

A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization...