CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

EUVD-2026-14516

MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL...

CVE-2025-14200 alokjaiswal Hotel-Management-services-using-MYSQL-and-php Request Pending usersub.php cross site scripting

A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possibl...

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in...

Active Record component in Ruby on Rails has a data-type injection vulnerability

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

Vulnerability of the Server: Optimizer component of the MySQL database management system, which allows a hacker to cause a service failure.

The vulnerability of the Server: Optimizer component of the MySQL database management system is related to errors during resource release. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...

Heybbs has a universal password login vulnerability

HEYBBS is a front-end based on bootstrap+jq+css,back-end php+mysql development of micro-community programs. Heybbs has a universal password login vulnerability that can be exploited by attackers to obtain sensitive database information...

Directory Traversal Vulnerability in RGCMS

RuiGu information management system RGCMS is a set of open source building management system, using PHP language, written in the framework of Thinkphp5.1.+, the database using MYSQL database. RGCMS has a directory traversal vulnerability that can be exploited by an attacker to view the list of...

Vulnerability of the Server component: The Replication function of the MySQL database management system, which allows attackers to alter file access rights or cause service interruptions.

The vulnerability of the Server: Replication component of the Oracle MySQL database management system is related to insufficient access control. Exploiting this vulnerability could allow an attacker to modify file access rights or cause service interruptions...

The vulnerability of the MySQL database management system allows attackers to manipulate the accessibility of information.

The vulnerability of the MySQL database management system is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise accessibility by affecting the InnoDB server...

The vulnerability of the MySQL database management system allows attackers to manipulate the accessibility of information.

The vulnerability of the MySQL database management system is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise accessibility by affecting the FTS server...