CVE-2026-21939

Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where SQLcl executes to compromise SQLcl. Successful attacks require human...

CVE-2025-58743

CVE-2025-58743 affects Milner ImageDirector Capture on Windows. The root cause is use of a broken/des outdated DES algorithm in the Password class within C2SConnections.dll, enabling encryption brute-forcing to obtain database credentials. Affected versions are ImageDirector Capture 7.0.9.0 up to...

CVE-2025-58743 Insecure Encryption Algorithms Enable Brute-Force Database Credential Access in Milner ImageDirector Capture

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

CVE-2025-58741

The CVE-2025-58741 entry concerns Milner ImageDirector Capture. Affected product/versions: ImageDirector Capture 7.0.9 through 7.6.3.25808. Issue: Insufficiently Protected Credentials vulnerability in the Credential Field allows retrieval of credential material and enables database access. Impact...

CVE-2025-58741 Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

CVE-2025-58741

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

CVE-2025-58741 Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

CVE-2025-58740

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

CVE-2025-58740

The vulnerability CVE-2025-58740 affects Milner ImageDirector Capture on Windows, where a hard-coded encryption key is used in C2SGlobalSettings.dll Password function. This allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. Affected versi...

CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

GHSA-V4W8-49PV-MF72 ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion

Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...

CVE-2026-23838

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2026-22850

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

EUVD-2026-3295

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered...

GHSA-2497-GP99-2M74 Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

GHSA-JW2V-CQ5X-Q68G Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted

Summary Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, it is possib...

EUVD-2026-3384

A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...