Drupal Core 10.5.5 - Error-Based SQL Injection

Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection Google Dork: N/A Date: 2026-05-31 Exploit Author: cardosource Vendor Homepage: https://www.drupal.org Software Link: https://www.drupal.org/project/drupal Version: Drupal Core 10.5.5 Tested on: Debian Linux Docker, PHP 8.2, Apache,...

Exploit for CVE-2026-9082

CVE-2026-9082 / Drupal SA-CORE-2026-004 Proof of Concept...

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...

EUVD-2025-200249

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

EUVD-2025-27538

Malicious code in bioql PyPI...

CVE-2025-10226

Dependency on Vulnerable Third-Party Component CWE-1395 in the PostgreSQL backend in AxxonSoft Axxon One C-Werk 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...

AxxonSoft AxxonOne 安全漏洞

AxxonSoft AxxonOne is a video surveillance and security management software from AxxonSoft Ireland. A security vulnerability exists in AxxonSoft AxxonOne version 2.0.8 and earlier, which stems from a dependency on vulnerable third-party components in the PostgreSQL backend, and could lead to...

CVE-2018-25088

A vulnerability, which was classified as critical, was found in Blue Yonder postgraasserver up to 2.0.0b2. Affected is the function createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgresclusterdriver.py of the component PostgreSQL Backend Handler. The...

postgraas-server vulnerable to SQL injection

A vulnerability, which was classified as critical, was found in Blue Yonder postgraasserver up to 2.0.0b2. Affected is the function createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgresclusterdriver.py of the component PostgreSQL Backend Handler. The...

GHSA-VGHM-8CJP-HJW6 postgraas-server vulnerable to SQL injection

A vulnerability, which was classified as critical, was found in Blue Yonder postgraasserver up to 2.0.0b2. Affected is the function createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgresclusterdriver.py of the component PostgreSQL Backend Handler. The...

CVE-2018-25088

A vulnerability, which was classified as critical, was found in Blue Yonder postgraasserver up to 2.0.0b2. Affected is the function createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgresclusterdriver.py of the component PostgreSQL Backend Handler. The...

CVE-2018-25088

A vulnerability, which was classified as critical, was found in Blue Yonder postgraasserver up to 2.0.0b2. Affected is the function createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgresclusterdriver.py of the component PostgreSQL Backend Handler. The...

Sql injection

A vulnerability, which was classified as critical, was found in Blue Yonder postgraasserver up to 2.0.0b2. Affected is the function createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgresclusterdriver.py of the component PostgreSQL Backend Handler. The...

CVE-2018-25088 Blue Yonder postgraas_server PostgreSQL Backend postgres_cluster_driver.py create_postgres_db sql injection

A vulnerability, which was classified as critical, was found in Blue Yonder postgraasserver up to 2.0.0b2. Affected is the function createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgresclusterdriver.py of the component PostgreSQL Backend Handler. The...

PT-2023-10828 · Blue Yonder · Postgraas Server

Name of the Vulnerable Software and Affected Versions: Blue Yonder postgraas server versions up to 2.0.0b2 Description: A critical issue was found in the PostgreSQL Backend Handler component, specifically in the create pg connection/create postgres db function of the postgraas...

Red Hat Satellite Spoofing Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satellite version 5, which stem...

Debian Security Advisory DSA 1730-1 (proftpd-dfsg)

The remote host is missing an update to proftpd-dfsg announced via advisory DSA 1730-1. OpenVAS Vulnerability Test $Id: deb17301.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1730-1 proftpd-dfsg Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...

[SECURITY] [DSA 1730-1] New proftpd-dfsg packages fix SQL injection vulnerabilites

------------------------------------------------------------------------ Debian Security Advisory DSA-1730-1 [email protected] http://www.debian.org/security/ Steffen Joeris March 02, 2009 http://www.debian.org/security/faq -...