82365 matches found

OSV
added 2026/02/20 1:17 a.m., 4 views

CVE-2026-26988 LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...

9.3 CVSS, 6.2 AI score, 0.0744 EPSS
Exploits 2, References 5
Cvelist
added 2026/02/20 1:0 a.m., 28 views

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4 CVSS, 0.69996 EPSS
Exploits 6, References 3
ATTACKERKB
added 2026/02/20 1:0 a.m., 6 views

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4 CVSS, 5.7 AI score, 0.69996 EPSS
Exploits 6, References 4, Affected Software 1
Fedora
added 2026/02/20 12:53 a.m., 7 views

[SECURITY] Fedora 43 Update: roundcubemail-1.6.13-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

4.7 CVSS, 5.9 AI score, 0.00292 EPSS
Exploits 0
Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21320

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

5.3 CVSS, 5.3 AI score, 0.00319 EPSS
Exploits 1, References 4
CNNVD
added 2026/02/20 12:0 a.m., 7 views

Part-DB SQL Injection Vulnerability

Part-DB is an open-source web-based database designed for managing electronic components. Version 0.4 of Part-DB contains a SQL injection vulnerability. This vulnerability stems from SQL injection attacks on authentication parameters, which could allow unverified attackers to bypass authenticatio...

8.8 CVSS, 5.9 AI score, 0.00351 EPSS
Exploits 0, References 3
CNNVD
added 2026/02/20 12:0 a.m., 5 views

WordPress plugin Electio Core SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.3 CVSS, 5.9 AI score, 0.00283 EPSS
Exploits 0, References 1
CNNVD
added 2026/02/20 12:0 a.m., 9 views

WordPress plugin Nestbyte Core SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.3 CVSS, 5.9 AI score, 0.00283 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-20989

Name of the Vulnerable Software and Affected Versions: calibre versions 9.2.1 and below. Description: calibre is a cross-platform e-book manager used for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are susceptible to a Path Traversal issue through PDB readers,...

9.3 CVSS, 6 AI score, 0.0088 EPSS
Exploits 8, References 31
Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21315

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user name parameter o...

8.8 CVSS, 6.4 AI score, 0.00478 EPSS
Exploits 1, References 4
CNNVD
added 2026/02/20 12:0 a.m., 6 views

LibreNMS SQL Injection Vulnerability

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 have a SQL injection vulnerability. This vulnerabilit...

9.3 CVSS, 5.9 AI score, 0.0744 EPSS
Exploits 2, References 3
CNNVD
added 2026/02/20 12:0 a.m., 6 views

WordPress plugin Emerce Core SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

9.3 CVSS, 5.9 AI score, 0.00372 EPSS
Exploits 0, References 1
CNNVD
added 2026/02/20 12:0 a.m., 5 views

Phpscriptsmall Fiverr Clone Script SQL Injection Vulnerability

Phpscriptsmall Fiverr Clone Script is a set of software scripts developed by Phpscriptsmall. The Phpscriptsmall Fiverr Clone Script 1.2.2 version contains an SQL injection vulnerability. This vulnerability stems from the page parameter, which allows for SQL injections, potentially enabling...

9.1 CVSS, 5.9 AI score, 0.00373 EPSS
Exploits 1, References 2
CNNVD
added 2026/02/20 12:0 a.m., 5 views

SourceCodester Simple Responsive Tourism Website SQL Injection Vulnerability

SourceCodester Simple Responsive Tourism Website is an open-source tourism website developed by SourceCodester. Version 1.0 of SourceCodester Simple Responsive Tourism Website has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter Username in the...

9.8 CVSS, 7.2 AI score, 0.00326 EPSS
Exploits 2, References 5
Positive Technologies
added 2026/02/20 12:0 a.m., 8 views

PT-2026-21317

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

5.3 CVSS, 5.2 AI score, 0.0013 EPSS
Exploits 1, References 4
Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21146

Name of the Vulnerable Software and Affected Versions: don-themes Wolmart Core versions through 1.9.6. Description: The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a potential SQL Injection issue. This allows for Blind SQL Injection. Th...

5.7 AI score, 0.00283 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/02/20 12:0 a.m., 5 views

SolarWinds Database Performance Analyzer < 2025.3 Hard-coded Cryptographic Key (CVE-2025-26398)

According to its self-reported version, the SolarWinds Database Performance Analyzer (DPA) installation on the remote host is prior to 2025.3. It is, therefore, affected by a hard-coded cryptographic key vulnerability. If exploited, this vulnerability could allow a machine-in-the-middle (MITM) attack...

6.4 CVSS, 5.5 AI score, 0.00169 EPSS
Exploits 0, References 2
NVD
added 2026/02/19 8:25 p.m., 5 views

CVE-2025-67304

In Ruckus Network Director (RND) 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

9.8 CVSS, 0.00481 EPSS
Exploits 1, References 2
IBM Security Bulletins
added 2026/02/19 3:33 p.m., 8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary: IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affect...

8.2 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits 0, Affected Software 1
Cvelist
added 2026/02/19 1:58 p.m., 28 views

CVE-2026-2744

...

Exploits 0