CVE-2026-27461 Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
EUVD-2026-7398
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
CVE-2026-27461
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
CVE-2026-27461
Summary: Pimcore pre-12.3.3 exposes a SQL-like injection in the dependency listing filter. In versions up to 11.5.14.1 and 12.3.2, the filter query parameter is JSON-decoded and the value is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Impact: With adm...
CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()
Ormar is an async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...
CVE-2026-2963
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes SQL injection. It is possible to initiate the attack remotely. The...
injectproof
InjectProof The SQL injection scanner that finds what sqlma...
CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...
CVE-2026-21864 Remote DoS from malformed RESTORE command
Valkey-Bloom is a Rust-based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causing the server to shut down...
EUVD-2026-7461
Valkey-Bloom is a Rust-based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causing the server to shut down...
Apache Airflow Security Vulnerability
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 2.11.1 contained security vulnerabilities. These vulnerabilities stemmed from the ability of...
PT-2026-21594
Name of the Vulnerable Software and Affected Versions: itsourcecode E-Logbook with Health Monitoring System for COVID-19 version 1.0. Description: A security issue exists in itsourcecode E-Logbook with Health Monitoring System for COVID-19 version 1.0. The issue involves SQL injection within the...
PearProject SQL Injection Vulnerability
PearProject is a project management system backend interface developed by Vilson as an individual project. Versions of PearProject 2.8.10 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the improper handling of the projectCode parameter in the dateTotalForProject...
389-ds-base security update
3.1.3-7 - Bump version to 3.1.3-7 - Resolves: RHEL-117764 - Replication online reinitialization of a large database gets stalled. rhel-10.1.z - Resolves: RHEL-123274 - LDAP high CPU usage while handling indexes with IDL scan limit at INTMAX rhel-10.1.z - Resolves: RHEL-123281 - The new...
PT-2026-21670
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.11.1. Description: A user with DAG author permissions can manipulate the Airflow database to execute arbitrary code within the web server context. This could lead to remote code execution on the server-side whe...
InSAT MasterSCADA BUK-TS SQL Injection Vulnerability
InSAT MasterSCADA BUK-TS is an industrial automation control component developed by the Russian company InSAT. InSAT MasterSCADA BUK-TS has a SQL injection vulnerability; this vulnerability stems from SQL injections in the main web interface, which may lead to remote code execution...
Pimcore SQL Injection Vulnerability
Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications for web content management, e-commerce frameworks, and product information management. Versions of Pimcore prior to 11.5.14.1 and 12.3.2, as well as earlier...
TIK-SOFT Multiple Products Trust Management Issue Vulnerability
TIK-SOFT Finka-FK is a product of the Polish company TIK-SOFT. TIK-SOFT Finka-FK is a financial accounting software. TIK-SOFT Finka-KPR is a financial management software. TIK-SOFT Finka-Płace is a human resources and payroll management software. Several TIK-SOFT products have vulnerabilities...
PT-2026-21765
Name of the Vulnerable Software and Affected Versions: Finka-FK versions prior to 18.5; Finka-KPR versions prior to 16.6; Finka-Płace versions prior to 13.4; Finka-Faktura versions prior to 18.3; Finka-Magazyn versions prior to 8.3; Finka-STW versions prior to 12.3. Description: The Finka software suite...