
46063 matches found

OSV
added 2026/03/03 8:58 p.m. (3 views)

GHSA-45RP-9P97-H852 NocoDB Vulnerable to SQL Injection via DATEADD Formula

Summary: An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details: The third argument unit of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...

CVSS: 8.6 | AI score: 6 | EPSS: 0.00319
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/03 8:58 p.m. (7 views)

NocoDB Vulnerable to SQL Injection via DATEADD Formula

Summary: An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details: The third argument unit of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00319
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2026/02/26 3:56 p.m. (5 views)

SQL Injection

Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to SQL Injection via the MySQL, PostgreSQL, and Microsoft SQL nodes due to improper escaping of identifier values. An attacker can execute arbitrary SQL commands by supplying specially crafted table or...

CVSS: 8.2 | AI score: 6.2
Exploits: 0 | References: 2
OSV
added 2026/02/26 3:56 p.m. (5 views)

GHSA-F3F2-MCXC-PWJX n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

Impact: An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00217
Exploits: 0 | References: 4
Github Security Blog
added 2026/02/26 3:56 p.m. (9 views)

n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

Impact: An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...

CVSS: 9.6 | AI score: 5.7 | EPSS: 0.00217
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/02/26 12:5 a.m. (5 views)

CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.00301
Exploits: 0 | References: 3
CakePHP
added 2026/02/24 12:0 a.m. (21 views)

CakePHP 5.3.2 Released

The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.2. This is a maintenance release for the 5.3 branch that fixes community reported issues, regressions and a security issue with PaginatorHelper. Bugfixes: You can expect the following change...

AI score: 5.6
Exploits: 0
Fedora
added 2026/02/20 12:53 a.m. (7 views)

[SECURITY] Fedora 43 Update: roundcubemail-1.6.13-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS: 4.7 | AI score: 5.9 | EPSS: 0.00292
Exploits: 0
NVD
added 2026/02/19 12:16 a.m. (11 views)

CVE-2025-15585

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration...

CVSS: 7.6 | EPSS: 0.0019
Exploits: 0 | References: 2
CVE
added 2026/02/18 11:44 p.m. (14 views)

CVE-2025-15585

Fileflows: CVE-2025-15585 affects Fileflows versions before 25.05.2. An authenticated SQL injection flaw exists in the library-file search function when using MySQL as the backend database. Successful exploitation could lead to privilege escalation or data exfiltration. No exploitation details are...

CVSS: 7.6 | AI score: 5.8 | EPSS: 0.0019
Exploits: 0 | References: 2
GitLab Advisory Database
added 2026/02/18 12:0 a.m. (6 views)

filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity

Point.MultiScalarMult failed to initialize its receiver. If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result. If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver wa...

CVSS: 6.3 | AI score: 5.6 | EPSS: 0.00366
Exploits: 0 | References: 6 | Affected Software: 1
CBLMariner
added 2026/02/13 6:52 a.m. (7 views)

CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2

CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2. A patched version of the package is available...

CVSS: 8.2 | AI score: 5.5 | EPSS: 0.00351
Exploits: 0
RedhatCVE
added 2026/02/11 1:33 a.m. (25 views)

CVE-2026-25923

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00435
Exploits: 1 | References: 1
OSV
added 2026/02/10 10:29 p.m. (4 views)

OPENSUSE-SU-2026:20193-1 Security update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc

This update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc fixes the following issues: Changes in orthanc: - dcmtk 370 breaks TW...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.01474
Exploits: 3 | References: 3
CBLMariner
added 2026/02/09 11:37 p.m. (5 views)

CVE-2026-21941 affecting package mysql for versions less than 8.0.45-1

CVE-2026-21941 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...

CVSS: 4.9 | AI score: 7.3 | EPSS: 0.00337
Exploits: 0
CBLMariner
added 2026/02/09 11:37 p.m. (4 views)

CVE-2026-21964 affecting package mysql for versions less than 8.0.45-1

CVE-2026-21964 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...

CVSS: 4.9 | AI score: 7.3 | EPSS: 0.00337
Exploits: 0
CBLMariner
added 2026/02/09 11:37 p.m. (2 views)

CVE-2026-21936 affecting package mysql for versions less than 8.0.45-1

CVE-2026-21936 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...

CVSS: 4.9 | AI score: 7.3 | EPSS: 0.00337
Exploits: 0
CBLMariner
added 2026/02/09 11:37 p.m. (3 views)

CVE-2026-21937 affecting package mysql for versions less than 8.0.45-1

CVE-2026-21937 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...

CVSS: 4.9 | AI score: 7.3 | EPSS: 0.00337
Exploits: 0
CBLMariner
added 2026/02/09 11:37 p.m. (3 views)

CVE-2026-21968 affecting package mysql for versions less than 8.0.45-1

CVE-2026-21968 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00257
Exploits: 0
CBLMariner
added 2026/02/09 11:37 p.m. (6 views)

CVE-2026-21948 affecting package mysql for versions less than 8.0.45-1

CVE-2026-21948 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...

CVSS: 4.9 | AI score: 7.3 | EPSS: 0.00337
Exploits: 0