232 matches found
EUVD-2026-31657
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...
CVE-2026-9082: Mitigating a Critical SQL Injection Vulnerability in Drupal
Learn how the complex Drupal SQLi vulnerability CVE-2026-9082 exploits PostgreSQL environments and its data theft risks — and how to ensure you’re protected...
EUVD-2026-30866
The AddressRepository::getSqlQuery method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call...
PT-2026-41868
The AddressRepository::getSqlQuery method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the REFRESH PUBLICATION process. An attacker can execute arbitrary SQL commands with the privileges of the publication-side credentials by crafting a malicious table name and triggering the process during logical...
CVE-2026-27851
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...
CVE-2026-27851
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...
PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
Summary PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. Details This issue affec...
EUVD-2026-28926
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...
GHSA-45C6-75P6-83CC fast-xml-builder Comment Value regex can be bypassed
Summary The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and inject...
CVE-2026-44337 PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names...
EUVD-2026-28594
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...
SUSE CVE-2026-41650
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...
PT-2026-39004
Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.4.1 through 4.6.33 Description PraisonAI is a multi-agent teams system that exposes optional SQL/CQL-backed knowledge-store implementations. These implementations build table and index identifiers using unvalidated name an...
PT-2026-38318
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.16 Description Improper handling of JSX element tag names in hono/jsx allows unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...
Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection
Impact This vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps query operators in $eq to neutralize them. However, prior to the fix, $nor was not included in the set of logical operators that...
CVE-2026-27694 traccar allows stored HTML injection in notification emails
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
CVE-2026-42233
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...
CVE-2026-42040
CVE-2026-42040 concerns Axios, a promise-based HTTP client for browser and Node.js. The vulnerability lies in the encode() function inside lib/helpers/AxiosURLSearchParams.js, where a character map (charMap) erroneously reverses safe percent-encoding of null bytes. Specifically, after encodeURICo...
PT-2026-34609
Name of the Vulnerable Software and Affected Versions @nocobase/database versions prior to 2.0.39 Description An issue exists in the queryParentSQL function within the core database package where a recursive CTE query is constructed by joining nodeIds using string concatenation instead of...