[SECURITY] Fedora 43 Update: rrdtool-1.9.0-8.fc43

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...

PT-2026-44528

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

LinkAce 注入漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had an injection vulnerability. This vulnerability stemmed from the database configuration process allowing attackers to control databases by...

Oracle Database Server Net Service 安全漏洞

Oracle Database Server Net Service is a database network communication and connection management service component provided by Oracle Corporation. Versions 23.4.0 to 23.26.2 of Oracle Database Server Net Service contain security vulnerabilities. These vulnerabilities stem from issues with the Net...

Oracle Database Server Net Service 安全漏洞

Oracle Database Server Net Service is a database network communication and connection management service component provided by Oracle Corporation. Versions 23.4.0 to 23.26.2 of Oracle Database Server Net Service contain security vulnerabilities. These vulnerabilities stem from issues with the Net...

PT-2026-44526

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attac...

PT-2026-44527

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

PT-2026-44199

The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the process bulk action function, the...

Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

GHSA-2G95-6X5Q-XJWJ Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

GHSA-VMWP-VH32-RJ75 Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override

Remote Code Execution via Mission Database algorithm override Summary The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override

Remote Code Execution via Mission Database algorithm override Summary The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

CVE-2026-9342

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

GHSA-MXFR-6HCW-J9RQ Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig databaseuri=DATABASEURI, llm=OpenAIGPTConfig apibase=os.getenv"bas...

CVE-2026-44886 Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

CVE-2026-44886 Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVE-2026-44635

Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.refcol, '-$'.keyinput or .atinput — including type-safe code where the JSON column ...

CVE-2026-42878 FacturaScripts: Unauthenticated phpinfo() Disclosure via Installer Endpoint in FacturaScripts

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...