CVE-2026-40342

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...

UBUNTU-CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

CLEANSTART-2026-AV02020 Redis is an open source, in-memory database that persists on disk

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details...

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which ste...

EUVD-2023-32480

Malicious code in bioql PyPI...

EUVD-2024-29123

Malicious code in bioql PyPI...

EUVD-2021-28238

Malicious code in bioql PyPI...

EUVD-2023-2760

Malicious code in bioql PyPI...

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2. Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the...

CVE-2023-38502

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

MongoDB Server 安全漏洞

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server that stems from a buffer overflow that could...

MonetDB Server SQL Injection Vulnerability (CNVD-2025-05227)

MonetDB is MonetDB open source an open source column-oriented relational database management system . A SQL injection vulnerability exists in the expvaluessetsupertype component of MonetDB version 11.49.1, which can be exploited by an attacker to cause a denial of service via a specially crafted...

Sucms 安全漏洞

Sucms is a completely open source and free PHP+MYSQL system by China Subianji team. A security vulnerability exists in Sucms v1.0, which stems from a server-side request forgery in the adminwebgather.php component that allows access to internal data and services...

Daily Expense Tracker System SQL Injection Vulnerability (CNVD-2025-31004)

Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the dateexpense parameter in /dets/add-expense.php. No details ...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02319)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02437)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...

Exment 安全漏洞

Exment is Exceedone's open source simple, easy, lightweight, free web database. A security vulnerability exists in Exment versions 6.1.4 and earlier and 5.0.11 and earlier, which stems from an incorrect assignment of permissions to critical resources and a stored cross-site scripting vulnerabilit...

Oracle MySQL Denial of Service Vulnerability (CNVD-2024-20808)

Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker could exploit this vulnerability to cause MySQL Server to hang or crash frequently and repeatedly...