Lucene search
82209 matches found

NVD
added 2026/01/14 5:16 p.m. | 9 views

CVE-2025-37183

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVSS 7.2 | EPSS 0.00404
Exploits: 0 | References: 1
OSV
added 2026/01/14 5:16 p.m. | 3 views

CVE-2025-37182

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVSS 7.2 | AI score 6.1 | EPSS 0.00404
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/14 4:26 p.m. | 4 views

CVE-2025-37181 Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVSS 7.2 | AI score 8 | EPSS 0.00404
Exploits: 0 | References: 1
EUVD
added 2026/01/14 10:14 a.m. | 4 views

EUVD-2026-2517

External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...

CVSS 8.6 | AI score 6.2 | EPSS 0.00306
Exploits: 1 | References: 2
CVE
added 2026/01/14 5:28 a.m. | 21 views

CVE-2025-14615

CVE-2025-14615 affects the DASHBOARD BUILDER – WordPress plugin for Charts and Graphs (versions ≤ 1.5.7). Wordfence and other sources confirm a CSRF flaw due to missing nonce validation in dashboardbuilder-admin.php, enabling unauthenticated attackers to forge requests that alter the stored SQL q...

CVSS 7.1 | AI score 6 | EPSS 0.00132
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/14 1:22 a.m. | 3 views

CVE-2026-0501

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise Financials General Ledger, an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of...

CVSS 9.9 | AI score 7.2 | EPSS 0.00414
Exploits: 0 | References: 1
EUVD
added 2026/01/14 12:31 a.m. | 1 views

EUVD-2026-2633

EUVD-2026-2633...

CVSS 9.8 | AI score 6.4 | EPSS 0.00792
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/14 12:18 a.m. | 3 views

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVSS 7.5 | AI score 6.9 | EPSS 0.0071
Exploits: 2 | References: 1
GitLab Advisory Database
added 2026/01/14 12:0 a.m. | 8 views

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, this could...

AI score 7
Exploits: 0 | References: 5 | Affected Software: 1
CNVD
added 2026/01/14 12:0 a.m. | 2 views

Refugee Food Management System SQL Injection Vulnerability

Refugee Food Management System is a refugee food management system. Refugee Food Management System suffers from a SQL injection vulnerability that stems from the incorrect manipulation of parameter a in the file /home/addusers.php, no details of the vulnerability are available at this time...

CVSS 9.8 | AI score 5.9 | EPSS 0.00326
Exploits: 1 | References: 1
Positive Technologies
added 2026/01/14 12:0 a.m. | 1 views

PT-2026-2947

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to...

CVSS 8.8 | AI score 8.6 | EPSS 0.00428
Exploits: 1 | References: 14
CNNVD
added 2026/01/14 12:0 a.m. | 4 views

HPE EdgeConnect SD-WAN Orchestrator Security Vulnerability

HPE EdgeConnect SD-WAN Orchestrator is a centralized SD-WAN management platform from HPE America. It provides complete visibility and control over the WAN. A security vulnerability exists in HPE EdgeConnect SD-WAN Orchestrator that stems from a SQL injection in the web management interface, which...

CVSS 7.2 | AI score 7.7 | EPSS 0.00404
Exploits: 0 | References: 1
EUVD
added 2026/01/14 12:0 a.m. | 6 views

EUVD-2026-2514

Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the mpegl3encode.c file...

CVSS 5.3 | AI score 6.3 | EPSS 0.00312
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 3 : dbmail-2.2.5-1.8AXS3 (AXSA:2008-85:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-85:01 advisory. Description of problem: Dbmail is the name of a group of programs that enable the possibility of storing and retrieving mail messages from a database. DBMail...

CVSS 6.8 | AI score 5.6 | EPSS 0.02389
Exploits: 1 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 4 : samba-3.5.10-116.AXS4 (AXSA:2012-543:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-543:03 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files and printer...

CVSS 6.5 | AI score 7.8 | EPSS 0.04803
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : vixie-cron-4.1-81.AXS3 (AXSA:2012-254:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-254:01 advisory. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Vixie cron adds...

CVSS 3.3 | AI score 5.8 | EPSS 0.00346
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 3 : mysql-5.0.77-4.2.1.AXS3 (AXSA:2010-125:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-125:02 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...

CVSS 6.8 | AI score 7.4 | EPSS 0.16263
Exploits: 8 | References: 4
Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 4 : perl-DBD-Pg-2.15.1-4.AXS4 (AXSA:2012-750:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-750:01 advisory. An implementation of DBI for PostgreSQL for Perl. Security issues fixed with this release: CVE-2012-1151 No description available at the time of writing, plea...

CVSS 5 | AI score 5.5 | EPSS 0.02744
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 11 views

Security Updates for Microsoft SQL Server (January 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-20803. An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server...

CVSS 7.2 | AI score 5.9 | EPSS 0.01242
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 3 : nss_db-2.2-35.4.AXS3 (AXSA:2010-227:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-227:01 advisory. Nssdb is a set of C library extensions which allow Berkeley Databases to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol,...

CVSS 1.9 | AI score 5.4 | EPSS 0.00373
Exploits: 1 | References: 2