CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

PT-2026-29356

Name of the Vulnerable Software and Affected Versions Alerta versions prior to 9.1.0 Description Alerta, a monitoring tool, had a SQL injection issue in the Query string search API. The vulnerability stemmed from directly interpolating user-supplied search terms into SQL strings via f-strings whe...

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

SUSE-SU-2026:1141-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: - Version 5.2.6-0 Update translation strings uyuni-tools: - Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after...

SUSE-SU-2026:1140-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: - Version 5.2.6-0 Update translation strings uyuni-tools: - Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after...

openSUSE Security Advisory (SUSE-SU-2026:1068-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

Fedora 44 : roundcubemail (2026-9b0f520716)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9b0f520716 advisory. Version 1.7-rc5 - Password: Add nt-binary hashing method 10096 - Fix URL matching for domain names with port numbers 10105 - Fix PHP fatal error when using...

Security update for salt (important)

openSUSE security update: security update for salt ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20412-1 Rating: important References: bsc1240532 bsc1246130 bsc1254325 bsc1254903 bsc1254904 bsc1254905 Cross-References: CVE-2025-13836 CVE-2025-6772...

SUSE SLES15 / openSUSE 15 Security Update : pgvector (SUSE-SU-2026:1068-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1068-1 advisory. This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNS...

GHSA-98C2-4CR3-4JC3 n8n has SQL Injection in Data Table Node via orderByColumn Expression

Impact An authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement...

CVE-2026-4191

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

CVE-2026-4190

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

CVE-2026-21708

A vulnerability allowing a Backup Viewer to perform remote code execution RCE as the postgres user...

CVE-2026-31871

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...

Security update for pgvector

This update for pgvector fixes the following issue: Update to pgvector 0.8.2: CVE-2026-3172: Buffer overflow in parallel HNSW index build bsc1258945. Changelog: Fixed Index Searches in EXPLAIN output for Postgres 18 Patch Instructions: To install this SUSE update use the SUSE recommended...

RHEL 9 : Satellite 6.17.7 Async Update (Important) (RHSA-2026:5970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5970 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...