Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing restoreTenant from the adminMutationMWConfig. An attacker can overwrite the entire database, read arbitrary server-side files, and perform server-side request forgery by sending crafted requests to t...

GHSA-P5RH-VMHP-GVCW Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

CVE-2026-35467 Private Key stored as extractable in browser IndexeDB

The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...

CVE-2026-34825

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the Apple MDM profile delivery pipeline. An attacker can access or modify sensitive database contents, such as user credentials, API tokens, and device enrollment secrets, by sending a malicious UDID during the MDM...

GO-2026-4914 Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet

Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet...

GO-2026-4873 Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core

Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core...

CVE-2026-25601

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

EUVD-2026-18338

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...

CVE-2026-35168

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti Updates module in OpenSTAManager contains a database conflict resolution feature op=risolvi-conflitti-database that accepts a JSON array of SQL statements via PO...

CVE-2026-28805

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the optionsstato GET parameter. The user-supplied value is read from...

CVE-2026-28805 OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the optionsstato GET parameter. The user-supplied value is read from...

EUVD-2026-18180

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...

EUVD-2026-18176

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability...

CVE-2026-5328 shsuishang modulithshop ProductItemDao ProductIndexServiceImpl.java listItem sql injection

A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing...

mysql: mariadb: InnoDB unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2026-5256

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

CVE-2026-4370

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...

CVE-2026-33617

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...