Lucene search

7 matches found

ATTACKERKB
added 2026/05/12 7:53 p.m., 3 views

CVE-2026-44221

ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an...

CVSS 9 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 3 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-43141

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.5 | EPSS 0.00659
Exploits 0 | References 28
OSV
added 2024/03/25 7:41 p.m., 27 views

GHSA-9XVF-CJVF-FF5Q WP Crontrol vulnerable to possible RCE when combined with a pre-condition

Impact: WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...

CVSS 8.1 | AI score 8.4 | EPSS 0.00025
Exploits 0 | References 7
Github Security Blog
added 2024/01/18 3:44 p.m., 17 views

Uncaught Exception in surrealdb

Although custom parameters and functions are only supported at the database level, it was allowed to invoke those entities at the root or namespace level. This would cause a panic which would crash the SurrealDB server, leading to denial of service. Impact: A client that is authorized to run queri...

AI score 7.2
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/01/18 3:44 p.m., 8 views

GHSA-JM4V-58R5-66HJ Uncaught Exception in surrealdb

Although custom parameters and functions are only supported at the database level, it was allowed to invoke those entities at the root or namespace level. This would cause a panic which would crash the SurrealDB server, leading to denial of service. Impact: A client that is authorized to run queri...

CVSS 6.5 | AI score 7.2
Exploits 0 | References 3
Prion
added 2023/06/09 7:15 p.m., 36 views

Code injection

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code...

CVSS 5.8 | AI score 7.2 | EPSS 0.00276
Exploits 0 | References 3 | Affected Software 3
Veracode
added 2023/06/07 1:36 a.m., 30 views

Arbitrary Code Execution

PostgreSQL is vulnerable to Arbitrary Code Execution. The vulnerability is available within the 'CREATE SCHEMA' statement and can be used by a malicious attacker with database-level 'CREATE' privilege to bypass the protective 'search_path' changes and execute arbitrary code as the bootstrap...

CVSS 7.2 | AI score 7.9 | EPSS 0.00276
Exploits 0 | References 15 | Affected Software 8