Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
SUSE-SU-2026:1012-1 Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
Parse Server has SQL Injection through aggregate and distinct field names in PostgreSQL adapter
Impact An attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters into field name parameters of the aggregate $group pipeline stage or the distinct operation. This allows privilege escalation from Parse Server application-lev...
SUSE-SU-2026:20820-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
CVE-2026-32950
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...
EUVD-2026-13543
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...
CVE-2026-32950 SQLBot: RCE via SQL Injection in Excel Upload Endpoint
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...
CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...
CVE-2026-32622
SQLBot (versions ≤ 1.5.x) exposes a Stored Prompt Injection vulnerability consisting of three chained flaws: (1) missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, (2) unsanitized storage of terminology descriptions containing dangero...
EUVD-2026-12253
A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...
CVE-2026-4190
A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...
CVE-2026-4191
A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...
Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the postgres service, which listens on TCP port 5432 by...
CVE-2026-4191
CVE-2026-4191 affects JawherKl node-api-postgres (up to v2.5). Manipulation of the path.extname function in index.js of the Profile Picture Handler causes unrestricted upload. The attack is remote and an exploit has been published; the vendor did not respond. No remediation details are provided in the supplied doc...
CVE-2026-4191
A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...
CVE-2026-4191 JawherKl node-api-postgres Profile Picture index.js path.extname unrestricted upload
A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...
CVE-2026-4190
JawherKl node-api-postgres (up to 2.5) is affected by a SQL injection in User.getAll (models/user.js) caused by manipulation of the sort argument. The attack can be carried out remotely, and public exploit code is available. The vendor was contacted but did not respond. No remediation details are pro...
CVE-2026-4190 JawherKl node-api-postgres user.js User.getAll sql injection
A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...
CVE-2026-4190
A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...
CVE-2026-4190 JawherKl node-api-postgres user.js User.getAll sql injection
A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...