EUVD-2025-209294

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

CVE-2025-14816

The connected PT-2026-30802 advisory confirms CVE-2025-14816 as a local vulnerability affecting Mitsubishi Electric GENESIS64, ICONICS Suite/MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64 (and related Iconics Digital Solutions variants). The root cause is cleartext storage/display ...

CVE-2025-14816 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

Mitsubishi Electric多款产品 安全漏洞

Mitsubishi Electric GENESIS64 and other products are developed by Mitsubishi Electric Corporation of Japan. Mitsubishi Electric GENESIS64 is a SCADA suite. Mitsubishi Electric ICONICS Suite is a monitoring system for digital factories and intelligent buildings. Mitsubishi Electric MobileHMI is a...

Mitsubishi Electric多款产品 安全漏洞

Mitsubishi Electric MC Works64 is a product of Japanese company Mitsubishi Electric. Mitsubishi Electric MC Works64 is a data acquisition and supervision system SCADA. Mitsubishi Electric GENESIS64 is a SCADA kit. Mitsubishi Electric MobileHMI is a mobile client application. Several products of...

CVE-2019-25475

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...

CVE-2026-21262

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network...

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

Grafana MSSQL Data Source Plugin 安全漏洞

The Grafana MSSQL Data Source Plugin is an open-source plugin from Grafana that allows for connecting to Microsoft SQL Server. There is a security vulnerability in the Grafana MSSQL data source plugin. This vulnerability stems from a logical flaw that allows low-privilege users to bypass API...

Update Rollup 1 for System Center 2025 Virtual Machine Manager

Update Rollup 1 for System Center 2025 Virtual Machine Manager Applies to Microsoft System Center 2025 Virtual Machine Manager Introduction This article lists the new enhancements and bug fixes that come with System Center Virtual Machine Manager 2025 UR1 release. This article also provides the...

mysql: InnoDB unspecified vulnerability (CPU Jan 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

EUVD-2019-19938

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...

CVE-2019-25598 HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...

CVE-2019-25598

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...

CVE-2019-25598 HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...

PT-2026-26986

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to...

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

KLA90939 OSI vulnerability in Microsoft SQL Server

An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-26133 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-26133 high Solution Install necessary...

Security Updates for Microsoft SQL Server (March 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-21262, CVE-2026-26115, CVE-2026-26116 Note that Nessus has not tested for these issues but has instea...

EUVD-2019-19752

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition...