PT-2026-34609

Name of the Vulnerable Software and Affected Versions @nocobase/database versions prior to 2.0.39 Description An issue exists in the queryParentSQL function within the core database package where a recursive CTE query is constructed by joining nodeIds using string concatenation instead of...

PT-2026-34247

CVE-2026-6834 The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specif… https://t.co/30wrzM11aW...

PT-2026-34239

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

PT-2026-34561

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via POST /api/getUserDetai...

PT-2026-34577

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

Oracle Database Server Java VM Component Data Disclosure Vulnerability

Oracle Database Server is a relational database management system with a Java VM component that supports running Java programs in the database. A data disclosure vulnerability exists in Oracle Database Server. The vulnerability arises from a failure of the Java VM component to properly handle a...

PT-2026-34290

Name of the Vulnerable Software and Affected Versions Table Manager versions prior to 1.0.1 Description The Table Manager plugin for WordPress allows authenticated attackers with Contributor-level access and above to extract sensitive data from arbitrary WordPress database tables. The issue occur...

Raiffeisen ELBA5 加密问题漏洞

Raiffeisen ELBA5 is an electronic banking client system developed by the Austrian company Raiffeisen. Version 5.8.0 of Raiffeisen ELBA5 contains a security vulnerability related to remote code execution. This vulnerability may allow attackers to obtain database credentials and execute arbitrary...

PT-2026-34246

CVE-2026-6833 The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. https://t.co/t19jGHdUjW...

guardsix ODBC Enrichment Plugins 代码问题漏洞

Guardsix ODBC Enrichment Plugins are a set of data extension plugins developed by the Danish company Guardsix. Versions of Guardsix ODBC Enrichment Plugins prior to version 5.2.1 contained code vulnerabilities. These vulnerabilities were due to logical flaws that allowed for the reuse of stored...

SQLi-Injection-Payloads

No d...

EUVD-2026-24432

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability...

EUVD-2026-24408

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attac...

EUVD-2026-24297

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks require human interaction...

EUVD-2025-209547

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements...

CVE-2026-35229

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability...

CVE-2026-34312

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attac...

CVE-2026-21999

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks require human interaction...

CVE-2025-70420

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...