13 matches found

CVE
added 3 days ago · 11 views

CVE-2026-25879

Langroid's CVE-2026-25879 affects the Langroid framework (SQLChatAgent) prior to v0.63.0. An attacker who can shape input to the agent can cause LLM-provided SQL to execute dialect-specific primitives such as COPY ... FROM PROGRAM, enabling Remote Code Execution on the database host when the data...

CVSS 9.8 · AI score 6.3 · EPSS 0.00079
Exploits 0 · References 1

NVD
added 2026/05/14 11:16 a.m. · 6 views

CVE-2025-68420

Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump its memory, extract credentials and use them to gain a privileged access to t...

CVSS 7.5 · EPSS 0.00018
Exploits 0 · References 2

Positive Technologies
added 2026/05/14 12:0 a.m. · 5 views

PT-2026-40902

Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump its memory, extract credentials and use them to gain a privileged access to t...

CVSS 7.5 · AI score 5.7 · EPSS 0.00018
Exploits 0 · References 3

Cvelist
added 2026/04/02 12:0 a.m. · 12 views

CVE-2026-25212

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

EPSS 0.00058
Exploits 0 · References 2

NVD
added 2025/11/11 9:15 p.m. · 2 views

CVE-2024-32010

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...

CVSS 8.5 · EPSS 0.00017
Exploits 0 · References 1

Cvelist
added 2025/11/11 8:20 p.m. · 4 views

CVE-2024-32010

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...

CVSS 8.5 · EPSS 0.00017
Exploits 0 · References 1

ATTACKERKB
added 2023/12/14 5:15 p.m. · 1 views

CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...

CVSS 9.8 · AI score 6.5 · EPSS 0.02716
Exploits 1 · References 3

Positive Technologies
added 2023/12/14 12:0 a.m. · 3 views

PT-2023-30397 · Unknown · Dokmee Ecm

Name of the Vulnerable Software and Affected Versions: Dokmee ECM version 7.4.6 Description: The issue allows remote code execution due to the response to a "GettingStarted/SaveSQLConnectionAsync //gettingstarted" request containing a connection string for privileged SQL Server database access...

CVSS 9.8 · AI score 9.7 · EPSS 0.02716
Exploits 1 · References 6

CNVD
added 2018/02/27 12:0 a.m. · 1 views

NetApp OnCommand API Services and Service Level Manager Information Disclosure Vulnerability

NetApp OnCommand API Services and Service Level Manager are both products of NetApp (U.S.). NetApp OnCommand API Services is a set of API management tools. Service Level Manager is service content management software. An information disclosure vulnerability exists in NetApp OnCommand API Services versio...

CVSS 7.8 · AI score 6.2 · EPSS 0.00165
Exploits 0 · References 1

NVD
added 2018/02/23 11:29 p.m. · 14 views

CVE-2017-15518

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is...

CVSS 7.8 · AI score 7.6 · EPSS 0.00165
Exploits 0 · References 1

Positive Technologies
added 2016/12/05 12:0 a.m. · 2 views

PT-2016-2997 · Siemens · Sicam Pas

Name of the Vulnerable Software and Affected Versions: Siemens SICAM PAS versions prior to 8.00 Description: The issue is related to a factory account with hard-coded passwords in SICAM PAS installations. This could allow attackers to gain privileged access to the database over Port 2638/TCP. The...

CVSS 10 · AI score 9.2 · EPSS 0.00239
Exploits 0 · References 5

CNVD
added 2016/07/01 12:0 a.m. · 0 views

Siemens SICAM PAS Information Disclosure Vulnerability

SICAM PAS is an energy automation solution for the operation of substation equipment. It has open communication interfaces for power system control and control of industrial power supply equipment. An information disclosure vulnerability exists in Siemens SICAM PAS. An attacker with privileged...

CVSS 6.7 · AI score 6.4 · EPSS 0.00137
Exploits 0 · References 1

NVD
added 2000/12/31 5:0 a.m. · 9 views

CVE-2000-1235

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files...

CVSS 5 · AI score 6 · EPSS 0.00743
Exploits 1 · References 6