
11 matches found

RedhatCVE
added 2026/01/17 1:18 p.m. · 2 views

CVE-2026-0616

TheLibrarians webfetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions...

7.5 CVSS · 6.9 AI score · 0.00017 EPSS
Exploits 0 · References 1

NVD
added 2026/01/16 1:16 p.m. · 0 views

CVE-2026-0616

TheLibrarians webfetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions...

7.5 CVSS · 0.00017 EPSS
Exploits 0 · References 2

Cvelist
added 2026/01/16 12:46 p.m. · 22 views

CVE-2026-0616

TheLibrarians webfetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions...

0.00017 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2026/01/16 12:46 p.m. · 4 views

CVE-2026-0616

TheLibrarians webfetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions...

7.5 CVSS · 5.7 AI score · 0.00017 EPSS
Exploits 0 · References 3

CVE
added 2026/01/16 12:46 p.m. · 9 views

CVE-2026-0616

CVE-2026-0616 concerns The Librarian’s web_fetch tool, which can be used to retrieve the Adminer interface content and potentially log into the internal TheLibrarian backend system. The vulnerability is described across multiple connected sources as enabling access to internal infrastructure and ...

7.5 CVSS · 6.5 AI score · 0.00017 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2026/01/16 12:0 a.m. · 3 views

PT-2026-3250

Name of the Vulnerable Software and Affected Versions: TheLibrarians affected versions not specified Description: The web fetch tool within TheLibrarians allows retrieval of the Adminer interface content, potentially enabling unauthorized access to the internal TheLibrarian backend system. This...

7.5 CVSS · 5.7 AI score · 0.00017 EPSS
Exploits 0 · References 7

CNNVD
added 2026/01/16 12:0 a.m. · 1 views

The Librarian security vulnerability

The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from the webFetch tool’s ability to retrieve content from the Adminer interface, potentially allowing access to internal backend systems...

7.5 CVSS · 6 AI score · 0.00017 EPSS
Exploits 0 · References 3

NVD
added 2025/11/20 3:17 p.m. · 5 views

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

6.9 CVSS · 0.00041 EPSS
Exploits 0 · References 1

CVE
added 2025/11/20 12:52 p.m. · 15 views

CVE-2025-41076

LimeSurvey 6.13.0 is affected by an information-exposure issue triggered by malformed session cookies, causing HTTP 500 errors that leak internal backend details. The reports consistently specify exposure of backend stack elements such as the Yii framework, the MySQL/MariaDB engine, table name li...

6.9 CVSS · 6.3 AI score · 0.00041 EPSS
Exploits 0 · References 1 · Affected Software 1

Hacker One
added 2022/08/08 8:20 p.m. · 47 views

HackerOne: Ability to escape database transaction through SQL injection, leading to arbitrary code execution

HackerOne has an internal backend interface that gives debugging capabilities to its engineers. One of the features is the ability to run EXPLAIN ANALYZE queries against a connected database. This feature is accessible by a handful of engineers. The feature is vulnerable to a SQL injection that...

0.7 AI score
Exploits 0

Positive Technologies
added 2019/09/27 12:0 a.m. · 1 views

PT-2019-14872 · Celery · Flower

Name of the Vulnerable Software and Affected Versions: Flower version 0.9.3 Description: The issue concerns a potential XSS via the name parameter in an @app.task call. However, the project author disputes the validity of this issue, stating that worker and task names are internal backend...

6.1 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits 1 · References 4