EUVD-2026-31226

An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service...

CVE-2026-44047

CVE-2026-44047 affects Netatalk 3.1.0–4.4.2 and is an SQL injection in the MySQL CNID backend. The root cause is improper handling of input in CNID MySQL backend, leading to unauthorized data access, data modification, or DoS when exploited by a remote authenticated attacker. Fixed in 4.4.3; reme...

RUSTSEC-2026-0138 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...

RUSTSEC-2026-0134 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...

CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...

EUVD-2013-4438

Malware in sbrugna...

Exploit for SQL Injection in Dimdavid File_Provider

CVE-2025-4578 File Provider = 5.0.12 time-based blind - Parame...

DEBIAN-CVE-2014-7210

pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected...

Exploit for SQL Injection in Eniture Ltl_Freight_Quotes

CVE-2024-13485 LTL Freight Quotes – ABF Freight Edition = 5.6...

Exploit for CVE-2024-12270

CVE-2024-12270 Beautiful Taxonomy Filters = 5.1 AND string err...

Exploit for SQL Injection in Quantumcloud Wpbot

CVE-2023-5204 AI ChatBot = 4.8.9 - Unauthenticated SQL Inj...

SUSE CVE-2014-5251

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

Coppermine Gallery 1.5.44 Directory Traversal

Coppermine Gallery = 1.5.44 directory traversal vulnerability ============================================================== Coppermine is a multi-purpose fully-featured and integrated web picture gallery script written in PHP using GD or ImageMagick as image library with a MySQL backend. A...

Debian DLA-492-1 : pdns security update

It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. For Debian 7 'Wheezy', these problems have been fixed in version 3.1-4.1+deb7u1. Note that if you're running the pdns server with the mysql...

I-net Multi User Email Script SQLi Vulnerability

No description provided by source. Name : I-net Multi User Email Script SQLi Vulnerability Date : june, 27 2010 Critical Level : HIGH Vendor Url : http://www.i-netsolution.com/ Google Dork: inurl:/jobsearchengine/ Author : Sid3^effects aKa HaRi shellc99atyahoo.com special thanks to : r0073r...

I-net Multi User Email Script SQLi Vulnerability

I-net Multi User Email Script SQLi Vulnerability. Webapps exploit for linux platform Name : I-net Multi User Email Script SQLi Vulnerability Date : june, 27 2010 Critical Level : HIGH Vendor Url : http://www.i-netsolution.com/ Google Dork: inurl:/jobsearchengine/ Author : Sid3^effects aKa HaRi...

I-Net Multi User Email Script SQL Injection

================================================== I-net Multi User Email Script SQLi Vulnerability ================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' ...