CVE-2025-58741

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

CVE-2026-21950

creationtimestamp| type| source ---|---|--- 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...

CVE-2023-4091

creationtimestamp| type| source ---|---|--- 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...

CVE-2026-21922

creationtimestamp| type| source ---|---|--- 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...

CVE-2025-69285

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

EUVD-2025-206314

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

CVE-2025-69285

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

CVE-2025-69285

SQLBot prior to v1.5.0 is affected by an authentication bypass in the /api/v1/datasource/uploadExcel endpoint. The endpoint is whitelisted, allowing remote unauthenticated uploads of Excel/CSV files, which are parsed and inserted into PostgreSQL via to_sql() with if_exists='replace'. This enables...

CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (Nov 2025)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

EUVD-2026-3613

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVE-2021-47848 Blitar Tourism 1.0 - Authentication Bypass SQLi

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative...

CVE-2021-47846 Digital Crime Report Management System 1.0 - SQL Injection

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password...

CVE-2025-15043

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'startmigration', 'cancelmigration', and 'revertmigration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with...

Security Bulletin: Multiple Vulnerabilities in Hyper Converged Database

Summary Multiple vulnerabilities were addressed in Hyper Converged Database version 1.2.4 coming for base Docker images. Vulnerability Details CVEID:CVE-2019-12904 DESCRIPTION: In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical...

Vulnerabilities fixed in Oracle Database Server products

Oracle has fixed vulnerabilities in Oracle Database Server products. The vulnerabilities in Oracle Database Server allow unauthenticated attackers to compromise the integrity and confidentiality of data. This could lead to unauthorized access to sensitive data and even a possible takeover of the...

CVE-2026-1221

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

EUVD-2026-3693

Not used...

Exploit for OS Command Injection in Exim

Cr.Exim 4.87 - 4.91 - Local Privilege Escalation Cr.Link: https...