Lucene search
+L

83246 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-45305

IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute arbitrary code or obtain sensitive information due to the use of dangerous functions without sufficient restrictions...

4.3CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday15 views

CVE-2026-7771

Summary (CVE-2026-7771): IBM Db2 is vulnerable to a trap when compiling specially crafted statements containing subqueries, potentially causing a denial of service. Affected are Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 (both Client and Server). Root cause identified as CWE-835 (Loop with Unreachable E...

5.5CVSS5.2AI score
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-45283

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service...

5.5CVSS5.2AI score
Exploits0References1
CVE
CVE
added yesterday16 views

CVE-2026-8635

Security bulletin confirms CVE-2026-8635 affects Langflow OSS versions 1.0.0–1.10.0 where an authenticated user can exploit the Python Interpreter component to execute arbitrary code, bypass controls, and escalate to superuser by manipulating the database, potentially compromising the Langflow se...

9.9CVSS5.7AI score
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-8635 Arbitrary Code Execution in Python Interpreter Component

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions...

9.9CVSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-45270

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions...

9.9CVSS5.7AI score
Exploits0References1
Patchstack
Patchstack
added yesterday9 views

WordPress Core <= 7.0.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by TF1T, dtro, and haongo in WordPress core versions = 7.0.1...

5.9AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday4 views

CVE-2026-9762

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...

7.8CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-9762 IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...

7.8CVSS6.3AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-45234

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...

7.8CVSS6.3AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-9586

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-63307

Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/id endpoint. The handler calls dataSourceService.queryExistentid, ... without an ownership check and returns the decrypted password field, allowing any authenticated non-admin use...

7.1CVSS
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-49209

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...

5.3CVSS
Exploits0References4
Cvelist
Cvelist
added yesterday9 views

CVE-2026-9586 Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-9586

CVE-2026-9586 describes an unauthenticated SQL injection in Sangoma Switchvox SMB Edition 8.3. The vulnerable component is the /pa endpoint, which processes XML beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries, enabling arbitrary SQL execution an...

9.3CVSS6.7AI score
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45205

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS6.6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday6 views

CVE-2026-8297 SQLi in GIS Informatics' GisLab Laboratory Management System

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS5.7AI score
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45201

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS5.6AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-16014

The CVE-2026-16014 entry concerns code-projects Hospital Bed Management System 1.0. It identifies a vulnerability in an unspecified part of the Login Form, where manipulating the Username argument triggers a SQL injection. The vulnerability enables remote exploitation, and public exploits exist. ...

7.5CVSS7.1AI score
Exploits0References6
Cvelist
Cvelist
added yesterday11 views

CVE-2026-16009 itsourcecode Hospital Management System prescriptionorderdetail.php sql injection

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS
Exploits0References6
Rows per page
Query Builder