83246 matches found
EUVD-2026-45305
IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute arbitrary code or obtain sensitive information due to the use of dangerous functions without sufficient restrictions...
CVE-2026-7771
Summary (CVE-2026-7771): IBM Db2 is vulnerable to a trap when compiling specially crafted statements containing subqueries, potentially causing a denial of service. Affected are Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 (both Client and Server). Root cause identified as CWE-835 (Loop with Unreachable E...
EUVD-2026-45283
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service...
CVE-2026-8635
Security bulletin confirms CVE-2026-8635 affects Langflow OSS versions 1.0.0–1.10.0 where an authenticated user can exploit the Python Interpreter component to execute arbitrary code, bypass controls, and escalate to superuser by manipulating the database, potentially compromising the Langflow se...
CVE-2026-8635 Arbitrary Code Execution in Python Interpreter Component
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions...
EUVD-2026-45270
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions...
WordPress Core <= 7.0.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by TF1T, dtro, and haongo in WordPress core versions = 7.0.1...
CVE-2026-9762
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...
CVE-2026-9762 IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...
EUVD-2026-45234
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...
CVE-2026-9586
An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...
CVE-2026-63307
Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/id endpoint. The handler calls dataSourceService.queryExistentid, ... without an ownership check and returns the decrypted password field, allowing any authenticated non-admin use...
CVE-2026-49209
Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...
CVE-2026-9586 Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB
An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...
CVE-2026-9586
CVE-2026-9586 describes an unauthenticated SQL injection in Sangoma Switchvox SMB Edition 8.3. The vulnerable component is the /pa endpoint, which processes XML beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries, enabling arbitrary SQL execution an...
EUVD-2026-45205
An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...
CVE-2026-8297 SQLi in GIS Informatics' GisLab Laboratory Management System
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...
EUVD-2026-45201
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...
CVE-2026-16014
The CVE-2026-16014 entry concerns code-projects Hospital Bed Management System 1.0. It identifies a vulnerability in an unspecified part of the Login Form, where manipulating the Username argument triggers a SQL injection. The vulnerability enables remote exploitation, and public exploits exist. ...
CVE-2026-16009 itsourcecode Hospital Management System prescriptionorderdetail.php sql injection
A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...