GHSA-VRGW-PC9C-QRRC UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation

Impact Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework up to and including version 8. Patches The affected Umbraco Forms versions are all End-of-Life EOL and not...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...

CVE-2025-69274

creationtimestamp| type| source ---|---|--- 2026-01-12 06:14:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mc7f6gihuv2e 2026-01-12 08:28:43+00:00| seen| https://gist.github.com/Darkcrai86/f0f6df139dd354963017b94c3867a324...

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obta...

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVE-2020-12725

Havoc Research discovered an authenticated Server-Side Request Forgery SSRF via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...

CVE-2023-31404

Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Privilege Management in Grafana (CVE-2024-1442)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-1442 Vulnerability Details CVEID:CVE-2024-1442 DESCRIPTION: A user with the permissions to create a data source can use Grafana API to...

CVE-2025-60044

creationtimestamp| type| source ---|---|--- 2025-12-18 08:02:35+00:00| seen| https://bsky.app/profile/potato.software/post/3maapl4l7n42k...

SQL Injection

io.dataease, dataease-plugin-common is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the dataSourceId parameter, which allows an attacker to inject and execute arbitrary SQL queries...

SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

Austin, TX, USA, 4th December 2025, CyberNewsWire...

CVE-2024-40965

creationtimestamp| type| source ---|---|--- 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVE-2025-38280

creationtimestamp| type| source ---|---|--- 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

TencentOS Server 3: log4j (TSSA-2022:0188)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0188 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

EUVD-2025-50819

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input via CPU...

EUVD-2025-50818

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input...

CVE-2025-64509

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...

CVE-2025-12397

A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source. This vulnerability was patched on 21 Ju...

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...