HCL AION SQL Injection Vulnerability (CNVD-2026-15146)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from a misconfiguration that may allow execution of harmful SQL queries, which can be exploited by an attacker to cause unexpected database interactions or limited...

wgcloud 安全漏洞

WGCloud is a lightweight distributed server monitoring and operation system developed by Tianshiyeben as an individual developer. Version 3.6.3 of WGCloud contains a security vulnerability. This vulnerability stems from a connection testing feature in the backend database management system, which...

CVE-2026-30404

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery SSRF vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...

SuiteCRM SQL注入漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had an SQL injection vulnerability. This vulnerability stemmed from the retrieve function in the include/OutboundEmail/OutboundEmail.php file, which failed to...

SQLBot 安全漏洞

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot 1.5.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by storage-based prompt injection attacks, which could allow attackers to hijac...

ROS-20260319-73-0031

Vulnerability in glpi related to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

PT-2026-26451

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize...

AnythingLLM SQL Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM SQL injection vulnerability , the vulnerability stems from the built-in SQL proxy plug-in getTableSchemaSql method of the tablename parameter lack of validation of external input SQL statements , an attacker can use...

PT-2026-26430

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 Description SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the field function parameter received...

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

Devome GRR 安全漏洞

Devome GRR is a data collection and analysis platform for forensic analysis and incident response developed by the French company Devome. Version 4.5.0 of Devome GRR contains a security vulnerability. This vulnerability stems from insufficient validation of the referer and user-agent parameters i...

CVE-2026-30404

The CVE-2026-30404 entry concerns wgcloud v3.6.3, where the backend database management connection test feature is vulnerable to server-side request forgery (SSRF). The vulnerability could allow the server to initiate requests to internal networks, remotely download malicious files, and perform o...

Linux Distros Unpatched Vulnerability : CVE-2026-3856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying t...

SuiteCRM SQL注入漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 contained an SQL injection vulnerability. This vulnerability occurred when creating or editing reports, where the fieldfunction parameter in the POST data was saved...

wgcloud 安全漏洞

WGCloud is a lightweight distributed server monitoring and operation system developed by Tianshiyeben as an individual developer. WGCloud versions 3.6.3 and earlier have security vulnerabilities. These vulnerabilities stem from the test connection feature in backend database management, which...

FreeBSD : UniFi Network Application - Multiple vulnerabilities (71b4ce56-23c5-11f1-b865-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 71b4ce56-23c5-11f1-b865-b42e991fc52e advisory...

UniFi Network Application - Multiple vulnerabilities

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b reports: An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges. A...

CVE-2026-32730 ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware

ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...

CVE-2026-32730

ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...