82320 matches found
PT-2026-7257
Name of the Vulnerable Software and Affected Versions: Simcenter Femap versions prior to 2512; Simcenter Nastran versions prior to 2512. Description: The applications contain an out-of-bounds read issue when processing specially created NDB files. This could potentially allow an attacker to execute...
PT-2026-7254
Name of the Vulnerable Software and Affected Versions: Simcenter Femap versions prior to 2512; Simcenter Nastran versions prior to 2512. Description: The applications contain an out-of-bounds read issue when processing specially crafted XDB files. This could allow an attacker to execute code within t...
MongoDB Server Security Vulnerability
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from issues wit...
Flowring Agentflow Security Vulnerability
Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a security vulnerability that stems from the lack of authentication. This vulnerability could allow unverified remote attackers to read, modify, and delete...
PT-2026-7269
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU5. Description: A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database through this flaw. Recommendations...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, user-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
SQL Injection
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to SQL Injection via the criteria[orderBy] parameter in the JSON body provided to the element-indexes/get-elements endpoint. A user with Control Panel permission can execute SQL commands by...
CVE-2026-25495 Craft has a SQL Injection in Element Indexes via criteria[orderBy]
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteria[orderBy] parameter JSON body. The application fails to sanitize this input before...
CVE-2026-2161
A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in SQL injection. The attack can be launched remotely. The exploit has been made...
AI chat app leak exposes 300 million messages tied to 25 million users
An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an...
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when manipulating or using queries with federated objects (CVE-2025-14689)
Summary: IBM® Db2® federated server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects. Vulnerability Details: CVEID: CVE-2025-14689. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2...
CVE-2026-2225
A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-2236
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2223
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to SQL injection. It is possible to initia...
CVE-2026-2236 HGiga|C&Cm@il - SQL Injection
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2236
CVE-2026-2236 affects C&Cm@il by HGiga. The provided documents describe an unauthenticated SQL Injection in the web application that enables reading database contents. No explicit root-cause details or affected versions are given beyond the product name. Exploitation status is not detailed beyond...
CVE-2026-2235
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2235 HGiga|C&Cm@il - SQL Injection
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...