104 matches found
EUVD-2026-35194
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
CVE-2026-49141 WACRM Authorization Bypass via Automation Engine Endpoint
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
PT-2026-47450
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contact id in the POST request body without tenant ownershi...
OpenMeter: SQL injection through meter creation
Summary An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...
JLSEC-2026-47
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
Exploit for CVE-2025-48757
🛡️ Supabase Sentinel A Claude Skill that audits your Supaba...
MiracleLinux 9 : postgresql:16 (AXSA:2024-9501:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9501:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...
TencentOS Server 4: postgresql16 (TSSA-2024:0908)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0908 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
KB5068406 - Description of the security update for SQL Server 2022 CU21: November 11, 2025
KB5068406 - Description of the security update for SQL Server 2022 CU21: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...
KB5068405 - Description of the security update for SQL Server 2019 GDR: November 11, 2025
KB5068405 - Description of the security update for SQL Server 2019 GDR: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...
KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025
KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...
KB5068403 - Description of the security update for SQL Server 2017 GDR: November 11, 2025
KB5068403 - Description of the security update for SQL Server 2017 GDR: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...
KB5068407 - Description of the security update for SQL Server 2022 GDR: November 11, 2025
KB5068407 - Description of the security update for SQL Server 2022 GDR: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...
KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025
KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...
EUVD-2023-26958
Malicious code in bioql PyPI...
EUVD-2025-16441
Malicious code in bioql PyPI...
EUVD-2025-16474
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-10976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and...
Apache Superset < 4.1.2 Multiple Vulnerabilities
According to its self-reported version, the Apache Superset is prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions...
BIT-SUPERSET-2025-48912 Apache Superset: Improper authorization bypass on row level security via SQL Injection
An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects...