Lucene search

17 matches found

Vulnrichment
added 2026/03/27 12:19 a.m., 0 views

CVE-2026-33725 Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read via the...

CVSS 7.2, AI score 6.2, EPSS 0.00184
Exploits 1, References 1

RedhatCVE
added 2026/02/13 7:18 p.m., 4 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

CVSS 9.8, AI score 5.5, EPSS 0.00204
Exploits 1, References 1

NVD
added 2026/02/12 7:15 p.m., 2 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

CVSS 9.8, EPSS 0.00204
Exploits 1, References 2

OSV
added 2026/02/12 7:15 p.m., 1 view

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

CVSS 9.8, AI score 5.8, EPSS 0.00204
Exploits 1, References 2

Vulnrichment
added 2026/02/12 6:38 p.m., 2 views

CVE-2026-26218 newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

CVSS 9.8, AI score 5.5, EPSS 0.00204
Exploits 1, References 2

ATTACKERKB
added 2026/02/12 6:38 p.m., 2 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

CVSS 9.8, AI score 5.5, EPSS 0.00204
Exploits 1, References 3, Affected Software 1

Cvelist
added 2026/02/12 6:38 p.m., 20 views

CVE-2026-26218 newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

CVSS 9.8, EPSS 0.00204
Exploits 1, References 2

CNNVD
added 2026/02/12 12:00 a.m., 2 views

newbee-mall trust management issue vulnerability

newbee-mall is an e-commerce system developed under open source by newbee. newbee-mall has a vulnerability related to trust management. This vulnerability stems from the database initialization script, which includes pre-set administrator accounts with predictable default passwords. This allows...

CVSS 9.8, AI score 5.8, EPSS 0.00204
Exploits 1, References 3

Positive Technologies
added 2026/02/12 12:00 a.m., 1 view

PT-2026-7887

Name of the Vulnerable Software and Affected Versions: newbee-mall (affected versions not specified). Description: The application includes pre-seeded administrator accounts in its database initialization script, which are provisioned with a predictable default password. Deployments that initialize or...

CVSS 9.8, AI score 5.5, EPSS 0.00204
Exploits 1, References 7

CNNVD
added 2025/12/23 12:00 a.m., 5 views

Coolify operating system command injection vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an unvalidated PostgreSQL initialization script filename that could lead ...

CVSS 9.9, AI score 7.2, EPSS 0.00484
Exploits 2, References 4

OSV
added 2025/11/03 7:15 a.m., 0 views

CVE-2025-12618

A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 9.8, AI score 6.3, EPSS 0.00226
Exploits 0, References 6

OSV
added 2025/10/02 5:18 a.m., 1 view

MAL-2025-47874 Malicious code in node-db-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45ff3c4bbc7432de4b939c5c4f4553b07da3f84986979516af118b1da40fb264 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.4
Exploits 0, References 1

CNNVD
added 2020/12/22 12:00 a.m., 3 views

Odoo input validation error vulnerability

Odoo is an open source enterprise management suite; its features cover CRM, sales, purchasing, inventory management, manufacturing, quality management, full-featured HR, financial management, project management, PLM and a range of other enterprise information needs. An input validation...

CVSS 9.1, AI score 7.3, EPSS 0.00576
Exploits 0, References 2

Kitploit
added 2018/01/26 12:47 p.m., 15 views

Wavecrack - Web Interface For Password Cracking With Hashcat

A user-friendly Web interface to share a hashcat cracking box among multiple users with some pre-defined options. Screenshots The homepage Adding a hash to crack Seeing the results and some stats Outline This Web application can be used to launch asynchronous password cracks with hashcat. The...

AI score 7.2
Exploits 0, References 11

Zero Day Initiative
added 2017/09/15 12:00 a.m., 25 views

Trend Micro Mobile Security for Enterprise widgetforsecurity talker Authentication Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the initialization of the users table in the tmwf database...

CVSS 7.5, AI score 3.5, EPSS 0.02878
Exploits 0, References 1

OpenVAS
added 2016/10/14 12:00 a.m., 27 views

openSUSE: Security Advisory for systemd (openSUSE-SU-2016:2522-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5, AI score 6.2, EPSS 0.00385
Exploits 1, References 1

CNVD
added 2016/01/21 12:00 a.m., 1 view

we7cms directory traversal vulnerability

we7cms is a content management system based on asp.net development. The we7cms V3.0 system has multiple directory traversal vulnerabilities that can be exploited by attackers to obtain sensitive information through database initialization and table building statements...

AI score 6.8
Exploits 0