82273 matches found

GithubExploit
added 2026/01/28 2:52 p.m. | 131 views

data_analysis_exploitdb

No d...

AI score: 5.9 | Exploits: 0

Cvelist
added 2026/01/28 8:26 a.m. | 28 views

CVE-2026-0702 VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS: 7.5 | EPSS: 0.00409 | Exploits: 0 | References: 5

Snyk
added 2026/01/28 7:27 a.m. | 1 views

Malicious Package

Overview: primebeem-db is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8 | AI score: 5.9 | Exploits: 0 | References: 2

OSV
added 2026/01/28 7:27 a.m. | 3 views

MAL-2026-563 Malicious code in @nayzak51/primebeem-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eda80707c579faf8880cabeefa8ebf20fb33b076337d64cb93a3ebf6e210e29b The package @nayzak51/primebeem-db was found to contain malicious code. Source: ghsa-malware...

AI score: 5.5 | Exploits: 0 | References: 1

RedhatCVE
added 2026/01/28 3:16 a.m. | 12 views

CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.01566 | Exploits: 1 | References: 1

NVD
added 2026/01/28 1:16 a.m. | 5 views

CVE-2026-24840

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVSS: 8.8 | EPSS: 0.00334 | Exploits: 1 | References: 2

Cvelist
added 2026/01/28 12:15 a.m. | 35 views

CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVSS: 8 | EPSS: 0.00334 | Exploits: 1 | References: 2

Vulnrichment
added 2026/01/28 12:15 a.m. | 4 views

CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVSS: 8 | AI score: 5.9 | EPSS: 0.00334 | Exploits: 1 | References: 2

EUVD
added 2026/01/28 12:15 a.m. | 4 views

EUVD-2026-4905

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVSS: 8 | AI score: 5.9 | EPSS: 0.00334 | Exploits: 1 | References: 2

ATTACKERKB
added 2026/01/28 12:15 a.m. | 3 views

CVE-2026-24840

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVSS: 8 | AI score: 5.9 | EPSS: 0.00334 | Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/01/28 12:15 a.m. | 16 views

CVE-2026-24840

CVE-2026-24840 affects Dokploy PaaS. In versions prior to 0.26.6, the installation script at install.sh contains a hardcoded database credential (line 154), causing nearly all deployments to share the same password and enabling potential compromise of the database container. Red Hat/NVD/CVE listi...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00334 | Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/01/28 12:15 a.m. | 5 views

CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

CVSS: 8 | AI score: 5.9 | EPSS: 0.00334 | Exploits: 1 | References: 4

NVD
added 2026/01/28 12:15 a.m. | 4 views

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

CVSS: 8.2 | EPSS: 0.00134 | Exploits: 2 | References: 2

Positive Technologies
added 2026/01/28 12:0 a.m. | 5 views

PT-2026-5228

Name of the Vulnerable Software and Affected Versions: itsourcecode School Management System version 1.0. Description: A weakness exists in itsourcecode School Management System 1.0. The issue involves a SQL injection that can be triggered by manipulating the ID argument in the /course/index.php fil...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00393 | Exploits: 1 | References: 9

Positive Technologies
added 2026/01/28 12:0 a.m. | 5 views

PT-2026-5045

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.6. Description: Dokploy is a self-hostable Platform as a Service (PaaS). Installations prior to version 0.26.6 utilize a hardcoded password within the installation script, specifically at the provided URL:...

CVSS: 8 | AI score: 5.2 | EPSS: 0.00334 | Exploits: 1 | References: 10

Positive Technologies
added 2026/01/28 12:0 a.m. | 5 views

PT-2026-5225

Name of the Vulnerable Software and Affected Versions: code-projects Online Music Site version 1.0. Description: A security issue exists in code-projects Online Music Site 1.0. Manipulation of the ID argument in the file /Administrator/PHP/AdminReply.php can lead to SQL injection. This issue is...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00416 | Exploits: 1 | References: 10

Positive Technologies
added 2026/01/28 12:0 a.m. | 6 views

PT-2026-5218

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.301.0. Description: An authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint. This causes all database write operations to fail...

CVSS: 4.9 | AI score: 5.9 | EPSS: 0.00348 | Exploits: 1 | References: 9

Positive Technologies
added 2026/01/28 12:0 a.m. | 6 views

PT-2026-5167

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication,...

CVSS: 10 | AI score: 5.9 | EPSS: 0.0039 | Exploits: 0 | References: 5

CNNVD
added 2026/01/28 12:0 a.m. | 7 views

Code-Projects Online Music Site SQL Injection Vulnerability

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability stems from incorrect operations on the file /Administrator/PHP/AdminAddCategory.php, which may...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0036 | Exploits: 1 | References: 6

CNNVD
added 2026/01/28 12:0 a.m. | 3 views

Dokploy Trust Management Vulnerability

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained a vulnerability related to trust management. This vulnerability stemmed from hard-coded credentials in the installation script, which could lead to the exposure of database credentials...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00334 | Exploits: 1 | References: 2