CVE-2026-7023

CVE-2026-7023 : ByteDance coze-studio

CVE-2026-7023 ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

CVE-2026-7023

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

Exploit for SQL Injection in Djangoproject Django

CVE-2026-1207: Django GIS RasterField SQL Injection Vulnerabil...

PT-2026-35204

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

yu-picture 注入漏洞

Yu-Picture is an intelligent cloud image library platform developed by Liyupi’s individual developers, designed for team collaboration. Yu-Picture has a vulnerability related to injection attacks. This vulnerability stems from improper handling of the sortField parameter in the PageRequest functi...

coze-studio 注入漏洞

Coze-Studio is an open-source one-stop AI intelligent agent development tool developed by Coze-Dev. Versions of Coze-Studio prior to 0.5.1 had a injection vulnerability. This vulnerability stems from the ExecuteSQL operation in the databaseTool component’s file...

CVE-2026-6982

CVE-2026-6982 affects star7th ShowDoc up to versions 2.10.10, 3.6.2 and 3.8.0. The vulnerability resides in an unknown functionality of file server/Application/Api/Controller/PageController.class.PHP within the API Page Sort Endpoint, where manipulating the pages argument can lead to SQL injectio...

CVE-2026-33611

A flaw was found in PowerDNS. An operator with access to the REST API can introduce invalid HTTPS or SVCB record data, which can lead to corruption of the LMDB database. This can result in a denial of service due to data integrity issues. Mitigation To mitigate this issue, restrict access to the...

CVE-2026-22751

A flaw was found in Spring Security, specifically in applications configured for One-Time Token login using JdbcOneTimeTokenService. This vulnerability is due to a Time-of-check Time-of-use TOCTOU race condition. A remote attacker with high attack complexity could exploit this flaw to achieve low...

Kai-Tools

Kai Tools 🚀 Kai Tools adalah suite keamanan dan intelijen...

[SECURITY] Fedora 44 Update: coturn-4.10.0-1.fc44

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

ShowDoc 注入漏洞

ShowDoc is a tool developed by star7th, ideal for online document sharing among IT teams. Versions 2.10.10, 3.6.2, and 3.8.0 of ShowDoc contain injection vulnerabilities. These vulnerabilities stem from improper handling of parameters in the...

KLiK SocialMediaWebsite 注入漏洞

KLiK SocialMediaWebsite is a simple social media website developed by Muhammad Saad using PHP. Versions of KLiK SocialMediaWebsite 1.0.1 and earlier had a vulnerability related to injection attacks. This vulnerability stemmed from the cid parameter operations in the Private Message Handler...

PT-2026-35153

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

EUVD-2026-25631

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

CVE-2026-41473

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...