82321 matches found

Veracode (added 2026/02/11 9:06 a.m., 6 views)

SQL Injection

Django is vulnerable to SQL injection. The vulnerability is due to improper handling of column aliases containing periods in QuerySet.order_by() when used with FilteredRelation, where unsanitized alias values are included in generated SQL queries and attackers can exploit this by crafting a malicio...

CVSS 5.4 | AI score 6 | EPSS 0.00491
Exploits 1 | References 5 | Affected software 1
Patchstack (added 2026/02/11 7:43 a.m., 3 views)

WordPress SlimStat Analytics plugin <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter vulnerability

Authenticated (Subscriber+) SQL Injection via `args` Parameter vulnerability discovered by Marcin Dudek (dudekmar) - CERT.PL in WordPress Plugin Slimstat Analytics versions <= 5.3.1...

CVSS 6.5 | AI score 6 | EPSS 0.00217
Exploits 0 | References 1 | Affected software 1
RedhatCVE (added 2026/02/11 7:30 a.m., 5 views)

CVE-2026-24326

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table. This results in low impact on integrity, with no impact on...

CVSS 4.3 | AI score 5.5 | EPSS 0.00198
Exploits 0 | References 1
RedhatCVE (added 2026/02/11 7:30 a.m., 6 views)

CVE-2026-2093

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS 8.7 | AI score 6.3 | EPSS 0.00462
Exploits 0 | References 1
RedhatCVE (added 2026/02/11 7:30 a.m., 5 views)

CVE-2026-0488

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

CVSS 9.9 | AI score 6.1 | EPSS 0.0049
Exploits 0 | References 1
RedhatCVE (added 2026/02/11 1:33 a.m., 6 views)

CVE-2026-25814

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, user-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...

CVSS 9.8 | AI score 5.4 | EPSS 0.00337
Exploits 0 | References 1
Fedora (added 2026/02/11 12:59 a.m., 9 views)

[SECURITY] Fedora 42 Update: atuin-18.6.1-10.fc42

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

CVSS 7.5 | AI score 5.5 | EPSS 0.00443
Exploits 1
Positive Technologies (added 2026/02/11 12:00 a.m., 5 views)

PT-2026-7684

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...

CVSS 9.8 | AI score 6.8 | EPSS 0.00969
Exploits 0 | References 5
CNVD (added 2026/02/11 12:00 a.m., 3 views)

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14676)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...

CVSS 6.5 | AI score 6.9 | EPSS 0.00328
Exploits 0 | References 1
CNVD (added 2026/02/11 12:00 a.m., 5 views)

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14670)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which originates from an improper allocation of...

CVSS 6.2 | AI score 6.8 | EPSS 0.00134
Exploits 0 | References 1
CNVD (added 2026/02/11 12:00 a.m., 3 views)

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14667)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 6.5 | AI score 6.8 | EPSS 0.00347
Exploits 0 | References 1
CNVD (added 2026/02/11 12:00 a.m., 2 views)

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14679)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from a possible server crash whe...

CVSS 7.5 | AI score 6.9 | EPSS 0.00387
Exploits 0 | References 1
CNVD (added 2026/02/11 12:00 a.m., 1 view)

Unspecified Vulnerability in IBM Db2 (CNVD-2026-14677)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 that originates from improper neutralization of special...

CVSS 6.5 | AI score 6.9 | EPSS 0.00328
Exploits 0 | References 1
Positive Technologies (added 2026/02/11 12:00 a.m., 8 views)

PT-2026-7668

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

CVSS 8.7 | AI score 5.5 | EPSS 0.00565
Exploits 1 | References 5
CNNVD (added 2026/02/11 12:00 a.m., 5 views)

ASTPP Security Vulnerability

ASTPP is a VoIP billing solution developed by Innextrix Technologies Pvt. Ltd. Version 4.0.1 of ASTPP contains a security vulnerability. This vulnerability stems from information leakage, and it could allow unverified attackers to download database backup files by predicting the file name pattern...

CVSS 8.7 | AI score 5.8 | EPSS 0.00565
Exploits 1 | References 4
Positive Technologies (added 2026/02/11 12:00 a.m., 6 views)

PT-2026-7599

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

CVSS 7.5 | AI score 5.6 | EPSS 0.00359
Exploits 0 | References 2
RedHat Linux (added 2026/02/10 8:28 p.m., 2 views)

php: Leak partial content of the heap through heap buffer over-read in mysqlnd

A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...

CVSS 5.8 | AI score 5.8 | EPSS 0.02286
Exploits 1 | References 5
NVD (added 2026/02/10 6:16 p.m., 8 views)

CVE-2026-25993

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...

CVSS 9.8 | EPSS 0.0032
Exploits 0 | References 2
CVE (added 2026/02/10 6:05 p.m., 16 views)

CVE-2026-25612

CVE-2026-25612 concerns the MongoDB server’s internal locking mechanism, which uses an internal resource encoding to decide locks. This can cause collisions between collections in that representation, leading to unavailability due to conflicting locks. Metrics indicate a high availability impact ...

CVSS 7.1 | AI score 5.5 | EPSS 0.00199
Exploits 0 | References 2
Rapid7 Blog (added 2026/02/10 6:00 p.m., 11 views)

Measuring AI Security: Separating Signal from Panic

The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore...

AI score 6.7
Exploits 0