CVE-2018-25272

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

CVE-2018-25272

ELBA5 5.8.0 contains a Remote Code Execution vulnerability via database access. The issue allows an attacker to obtain database credentials, decrypt the DBA password, and run commands with SYSTEM-level permissions. Exploitation could occur by connecting with default connector credentials and usin...

Oracle Critical Patch Update, April 2026 Security Update Review

Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 481 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

DEBIAN-CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVE-2026-33611 Insufficient validation of HTTPS and SVCB records

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVE-2026-33611 Insufficient validation of HTTPS and SVCB records

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVE-2026-40906

A flaw was found in ElectricSQL, a Postgres sync engine. An authenticated user could exploit an error-based SQL injection vulnerability in the /v1/shape API's orderby parameter. This flaw allows an attacker to read, write, and destroy the full contents of the underlying PostgreSQL database. Such ...

EUVD-2026-24662

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

CVE-2026-4126

The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...

CVE-2026-4119

CVE-2026-4119 affects the WordPress plugin Create DB Tables (versions up to and including 1.2.1). The vulnerability arises from missing capability checks and nonce verification in admin_post hooks for creating and deleting tables, allowing any authenticated user (including Subscribers) to execute...

CVE-2026-4119

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

CVE-2026-4126

Summary: The WordPress Table Manager plugin (v1.0.0 and earlier) is vulnerable to sensitive data exposure via the table shortcode. The handler uses a user-controlled table attribute, only applies sanitize_key(), and concatenates the value with $wpdb-&gt;prefix to form a full table name, then exec...

CVE-2026-4126

The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...

EUVD-2026-24599

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +1147 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.13)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...