82005 matches found

Vulnrichment
added 2026/05/12 7:53 p.m. | 3 views

CVE-2026-44221 ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases

ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an...

CVSS 9 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/12 7:11 p.m. | 5 views

CVE-2026-44864

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVSS 7.2 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/12 7:9 p.m. | 16 views

CVE-2026-44863

CVE-2026-44863 describes SQL injection vulnerabilities in several underlying service components accessible through the AOS-8 and AOS-10 CLI and management protocol. An authenticated attacker with administrative privileges can inject crafted input into parameters passed unsanitized to backend data...

CVSS 7.2 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/05/12 7:8 p.m. | 5 views

CVE-2026-44862 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVSS 7.2 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/12 7:8 p.m. | 6 views

CVE-2026-44862

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVSS 7.2 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/05/12 7:6 p.m. | 4 views

CVE-2026-44861

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVSS 7.2 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/12 7:6 p.m. | 15 views

CVE-2026-44861

CVE-2026-44861 affects AOS-8 and AOS-10 components accessible via their CLI and management protocol. The vulnerability is SQL injection in underlying service components, exploitable by an authenticated administrator through unsanitized input passed to backend queries, potentially allowing executi...

CVSS 7.2 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/05/12 7:5 p.m. | 27 views

CVE-2026-44860 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVSS 7.2 | EPSS 0.00041
Exploits: 0 | References: 1

CVE
added 2026/05/12 7:5 p.m. | 9 views

CVE-2026-44860

CVE-2026-44860 describes SQL injection vulnerabilities in multiple service components exposed via the AOS-8 and AOS-10 CLI and management protocol. An authenticated attacker with administrative privileges can inject crafted input into parameters passed to backend queries, which could allow execut...

CVSS 7.2 | AI score 6.2 | EPSS 0.00041
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/05/12 6:30 p.m. | 6 views

EUVD-2026-29565

The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. Th...

AI score 6 | EPSS 0.0024
Exploits: 0 | References: 3

NVD
added 2026/05/12 6:16 p.m. | 6 views

CVE-2025-53681

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability (CWE-89) in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized cod...

CVSS 7.2 | EPSS 0.00027
Exploits: 0 | References: 1

GithubExploit
added 2026/05/12 5:53 p.m. | 55 views

web-scanner

Web Vulnerability Scanner A Python-based web vulnerability sc...

AI score 6
Exploits: 0

Cvelist
added 2026/05/12 5:45 p.m. | 29 views

CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVSS 6.5 | EPSS 0.00049
Exploits: 0 | References: 2

CVE
added 2026/05/12 5:45 p.m. | 21 views

CVE-2026-44204

Shelf is a platform for tracking physical assets. CVE-2026-44204 describes a SQL injection in the sortBy query parameter on the /assets route affecting versions 1.12 up to before 1.20.1. An authenticated user (any role) could execute arbitrary SQL and read data from any table, including data belo...

CVSS 6.5 | AI score 6.2 | EPSS 0.00049
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/12 4:59 p.m. | 3 views

CVE-2026-40370 SQL Server Remote Code Execution Vulnerability

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 4:59 p.m. | 29 views

CVE-2026-40370 SQL Server Remote Code Execution Vulnerability

...

CVSS 8.8 | EPSS 0.00079
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 4:54 p.m. | 25 views

CVE-2025-53681

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability (CWE-89) in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized cod...

CVSS 7.2 | EPSS 0.00027
Exploits: 0 | References: 1

CVE
added 2026/05/12 4:54 p.m. | 11 views

CVE-2026-25088

CVE-2026-25088 is described as an "improper neutralization of special elements used in an sql command" (SQL injection) affecting Fortinet FortiNDR versions 7.0 all, 7.1 all, 7.2 all, 7.4.0–7.4.9, and 7.6.0–7.6.2. The underlying issue is a failure to properly sanitize input in SQL commands, allowi...

CVSS 8.8 | AI score 6 | EPSS 0.00023
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/05/12 2:18 p.m. | 4 views

CVE-2026-32687

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

CVSS 7.5 | AI score 6 | EPSS 0.0001
Exploits: 0 | References: 5 | Affected Software: 1

Microsoft KB
added 2026/05/12 2:0 p.m. | 23 views

KB5089270 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: May 12, 2026

KB5089270 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection an...

CVSS 8.8 | AI score 6.1 | EPSS 0.00079
Exploits: 0