GHSA-V529-VHWC-WFC5 OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...

EUVD-2026-25213

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

EUVD-2026-25218

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

FBI Extracts Deleted Signal Messages from iPhone Notification Database

404 Media reports alternate site: The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database…. The news shows how forensic...

CVE-2026-6887

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-6887 BorG Technology Corporation｜Borg SPM 2007 - SQL Injection

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-6887 BorG Technology Corporation｜Borg SPM 2007 - SQL Injection

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-3960 Remote Code Execution in h2oai/h2o-3

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

Multiple vulnerabilities in LogonTracer

Overview LogonTracer provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection CWE-78 -...

EUVD-2026-25184

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

CVE-2026-41229

Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, t...

CVE-2026-40529

CVE-2026-40529 involves a SQL injection in the CMS ALAYA provided by KANATA Limited. The vulnerability allows an attacker who has access to the administrative interface to obtain or alter information stored in the database. The connected sources (NVD/CVELIST) describe the affected product and the...

CVE-2026-41229

Summary (CVE-2026-41229) Froxlor prior to v2.3.6 contains a PHP code injection flaw in the generation of userdata.inc.php. PhpHelper::parseArrayToString() writes string values into single-quoted PHP literals without escaping single quotes. When an admin with change_serversettings updates a MySQL ...

CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)

Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, t...

SUSE CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

EUVD-2026-25125

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

KANATA CMS ALAYA SQL注入漏洞

KANATA CMS ALAYA is a digital content management platform for enterprises developed by KANATA Corporation in Japan. CMS ALAYA has a SQL injection vulnerability. This vulnerability stems from SQL injections, and it could allow attackers with access to the management interface to obtain or modify...

IBM Db2 安全漏洞

IBM Db2 is a relational database management system developed by IBM Corporation. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain security vulnerabilities. These vulnerabilities stem from improper handling of special elements in the data query logic, which may cause...

PT-2026-34652

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...