CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
CVE-2026-2553
A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Name/Email results in SQL injection...
CVE-2025-7631 Time-Based Blind SQLi in Tumeva Internet Technologies' Tumeva Prime News Software
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software allows SQL Injection. This issue affects Tumeva Prime News Software:...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. (CVE-2025-36407)
Summary: IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details: CVEID: CVE-2025-36407. DESCRIPTION: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...
IBM DB2 Recovery Expert Code Issue Vulnerability
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. There are code-related vulnerabilities in IBM DB2 Recovery Expert; these vulnerabilities arise from failing to invalidate sessions after timeouts, which may lead to identity impersonation attacks...
IBM Db2 Input Validation Error Vulnerability
IBM DB2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows server versions. Version 5.5 Interim Fix 002 of IBM DB2 Recovery Expert for LUW contains a vulnerability related to input validation...
IBM DB2 Merge Backup Security Vulnerability
IBM DB2 Merge Backup is a database-assisted backup tool developed by IBM. Version 12.1.0.0 of IBM DB2 Merge Backup for Linux, UNIX, and Windows contains a security vulnerability. This vulnerability stems from improper cleanup of resources in the buffer, which could allow attackers to access...
IBM DB2 Recovery Expert Security Vulnerability
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. The version IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 contains a security vulnerability. This vulnerability arises from the transmission of data through plaintext communication channels, which may allow attackers to...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
PT-2026-20337
Name of the Vulnerable Software and Affected Versions: Huace Monitoring and Early Warning System version 2.2. Description: A weakness exists in Huace Monitoring and Early Warning System 2.2, specifically within an unknown functionality of the /Web/SysManage/ProjectRole.aspx file. Manipulating the ID...
PT-2026-20230
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...
CVE-2025-70828
Datart v1.0.0-rc.3 contains a vulnerability where the JDBC configuration’s url parameter allows attackers to execute arbitrary code. The issue is consistently described across Red Hat, CVE listings, and PT Security, identifying the affected component as the JDBC URL handling. Impact is described ...
PT-2026-20265
Name of the Vulnerable Software and Affected Versions: Datart version 1.0.0-rc.3. Description: An issue exists that allows attackers to execute arbitrary code through the url parameter within the JDBC configuration. The affected component is the JDBC configuration. Recommendations: Update to a newer...
Jorani Security Vulnerability
Jorani is a vacation management system developed by Benjamin BALET of France. It aims to provide small organizations with a simple workflow for vacation and overtime requests. Jorani versions 1.0.4 and earlier contained security vulnerabilities, which were caused by improper handling of entity...
n8n Workflow Automation Remote Configuration / Admin Data Extraction
This Metasploit module exploits multiple vulnerabilities in n8n workflow automation tool. It leverages a file read vulnerability to steal encryption keys and database, then uses stolen credentials to authenticate and execute arbitrary commands via the Execute Command node...