CVE-2026-6582
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Manipulation of this endpoint leads to missing authentication. The attack...
CVE-2026-6582
TransformerOptimus SuperAGI up to 0.0.14: the get_vector_db_details function in superagi/controllers/vector_dbs.py of the Vector Database Management Endpoint is vulnerable to a manipulation that leads to missing authentication. The exploit is remote, with a publicly published exploit and confi...
CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
EUVD-2026-16512
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
CVE-2019-25447
CVE-2019-25447 concerns OrientDB 3.0.17 GA Community Edition. The connected sources describe cross-site request forgery vulnerabilities that allow an attacker to perform unauthorized actions by crafting requests to endpoints such as /database/, /command/, and /document/. Attackers can create or d...
EUVD-2025-206338
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by...
CVE-2025-34223
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation-time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...
CVE-2025-34223 Vasion Print (formerly PrinterLogic) Insecure Installation Credentials
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation-time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...
CVE-2025-54417
Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...
Arbitrary Code Injection
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /updater/restore-db endpoint. An attacker can execute arbitrary code by crafting a malicious request after obtaining a compromised security key and creating a...
Craft CMS has a theoretical bypass for CVE-2025-23209
Pre-requisites: have a compromised security key (https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret) and, somehow, manage to create an arbitrary file in Craft's /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...
Directory Traversal
Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Directory Traversal over the wipedatabase endpoint. An attacker can delete any directory on the target filesystem by sending a specially crafted HTTP request that manipulates the...
PT-2024-16898 · Unknown · Altenergy Power Control
Name of the Vulnerable Software and Affected Versions: Altenergy Power Control Software versions up to 20241108 Description: A critical issue has been found in the software, affecting some unknown processing of the file /index.php/display/database/, leading to improper authorization. The attack m...
CVE-2024-4307
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints: /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/viewcards.php?id=1,...
PT-2022-22600 · Maccms10 · Maccms10
Name of the Vulnerable Software and Affected Versions: maccms10 versions v2021.1000.1081 through v2022.1000.3031 Description: A SQL injection issue was found via the table parameter at the "database/columns.html" endpoint. Recommendations: For versions v2021.1000.1081 through v2022.1000.3031, avo...
PT-2018-14545 · Phpyun · Phpyun
Name of the Vulnerable Software and Affected Versions: PHPYun version 4.6 Description: A security issue was found in PHPYun, where a vulnerability allows the deletion of any file or directory. This is possible due to the mishandling of the sql parameter by the del action function in the...