35 matches found
GHSA-FXC7-FM93-6Q77 ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases
Impact: Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1. ServerSecurityUser.getDatabaseUser returned a DB user with an uninitialized fileAccessMap, which...
CVE-2026-22185
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline function of mdbload. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause...
PbootCMS security vulnerability
PbootCMS is an open source enterprise website content management system (CMS) developed in PHP. A security vulnerability exists in PbootCMS 3.2.12 and earlier versions, which originates from an unknown function misoperation in the SQLite database component in file...
PT-2025-47093
Name of the Vulnerable Software and Affected Versions: ShopSuite ModulithShop versions up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Description: A flaw exists within ShopSuite ModulithShop related to the RSA/OAuth2/Database component, resulting in the presence of hard-coded credentials. This issu...
EUVD-2021-19483
Malware in sbrugna...
EUVD-2023-49453
Malicious code in bioql PyPI...
EUVD-2022-37869
Malicious code in bioql PyPI...
EUVD-2025-27251
Malicious code in bioql PyPI...
EUVD-2021-34174
Malicious code in bioql PyPI...
CVE-2025-9364
An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data...
PT-2025-36731
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: An open database issue exists due to an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and...
Updated aide packages fix vulnerabilities
Improper output neutralization (potential AIDE detection bypass). (CVE-2025-54389) Null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS). (CVE-2025-54409)...
Apache Jena allows users with administrator access to create database files outside the files area of the Fuseki server
Users with administrator access can create database files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...
TencentOS Server 2: bind (TSSA-2023:0156)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0156 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2025-5154
A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...
CVE-2021-24556
The kentoemailsubscriberajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribeemail and subscribename POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
CVE-2025-23208
The CVE-2025-23208 issue affects Zot, an OCI image registry. Root cause: SetUserGroups on login appends new groups instead of replacing existing memberships, stored in boltdb (meta.db), so group revocations/removals from IdPs are ignored. Impact: any configuration using group-based authorization ...
CVE-2024-22117 Value of sysmap_element_url can be de-synchronized causing the map element to crash when a new URL is added
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding...