44 matches found
AgenticMail API/storage and outbound relay hardening fixes
The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-361...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the SQLManager.validateJdbcUrl logic in SQLManager. An attacker can trigger unsafe JDBC connection handling by supplying a PostgreSQL URL with dangerous parameters such as socketFactory, sslfactory, or...
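The entry above describes a JDBC URL check that let caller-supplied PostgreSQL driver parameters such as socketFactory and sslfactory through. The following is an added example (Go, written for this page, not the affected package's SQLManager code, which is Java) of the shape such a check needs: parse the URL, decode the query so percent-encoded parameter names cannot slip past the check, reject the driver parameters that load caller-named classes, and additionally require every remaining parameter to be on an allowlist. The function name ValidateJdbcURL, the allowlist argument and the sample hosts are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// dangerousParams lists PostgreSQL JDBC driver parameters whose values are
// class names the driver instantiates (the two named in the advisory plus
// their companion *Arg parameters). Keys are lower-cased so matching is
// case-insensitive. Illustrative denylist; the allowlist below is the
// primary control.
var dangerousParams = map[string]bool{
	"socketfactory":    true,
	"socketfactoryarg": true,
	"sslfactory":       true,
	"sslfactoryarg":    true,
}

// ValidateJdbcURL accepts only jdbc:postgresql:// URLs whose query
// parameters (after percent-decoding) are all on the caller's allowlist and
// none of which is a class-loading parameter. The first violation is
// returned as a descriptive error.
func ValidateJdbcURL(raw string, allowed []string) error {
	const prefix = "jdbc:postgresql://"
	if !strings.HasPrefix(strings.ToLower(raw), prefix) {
		return fmt.Errorf("unsupported JDBC URL scheme")
	}
	// Strip the jdbc: pseudo-scheme so net/url can parse the remainder.
	u, err := url.Parse("postgresql://" + raw[len(prefix):])
	if err != nil {
		return fmt.Errorf("malformed URL: %w", err)
	}
	if u.Hostname() == "" {
		return fmt.Errorf("missing host")
	}
	// ParseQuery percent-decodes keys, so "socket%46actory" is seen as
	// "socketFactory" here rather than being waved through.
	params, err := url.ParseQuery(u.RawQuery)
	if err != nil {
		return fmt.Errorf("malformed query string: %w", err)
	}
	allow := map[string]bool{}
	for _, name := range allowed {
		allow[strings.ToLower(name)] = true
	}
	for key := range params {
		lk := strings.ToLower(key)
		if dangerousParams[lk] {
			return fmt.Errorf("forbidden driver parameter %q", key)
		}
		if !allow[lk] {
			return fmt.Errorf("parameter %q is not on the allowlist", key)
		}
	}
	return nil
}

func main() {
	// Constructed sample URLs; db.internal is a placeholder host.
	allowed := []string{"ssl", "sslmode", "ApplicationName"}
	for _, raw := range []string{
		"jdbc:postgresql://db.internal:5432/app?ssl=true&sslmode=verify-full",
		"jdbc:postgresql://db.internal:5432/app?ssl=true&socketFactory=attacker.Cls",
		"jdbc:postgresql://db.internal:5432/app?socket%46actory=attacker.Cls",
		"jdbc:postgresql://db.internal:5432/app?loginTimeout=5",
	} {
		fmt.Printf("%s -> %v\n", raw, ValidateJdbcURL(raw, allowed))
	}
}
```

The allowlist is the part that generalises: a denylist only covers the parameters you remembered, while an allowlist of the handful a service actually needs (ssl, sslmode, ApplicationName in the sample) rejects every other driver knob, including ones added in later driver releases.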
CVE-2026-40476
graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...
PT-2026-33213
Name of the Vulnerable Software and Affected Versions graphql-go versions prior to 15.31.5 Description The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries containing numerous repeated fields that share the same response name. Specifically, t...
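The two graphql-go entries above describe the same quadratic blow-up: n selections with the same response name are compared pairwise, n(n-1)/2 times. The following added example (written for this page, not graphql-go's own validator) models that rule on a flat selection set, counts the comparisons the pairwise form performs for a constructed query of repeated fields, and shows one way to bound the work: collapse selections that are identical in response name and arguments before comparing, so only distinct variants under a name are compared and a conflict is still caught. Field, parseSelections and the two counting functions are illustrative names; real selections also carry nested selection sets, which this model omits.

```go
package main

import (
	"fmt"
	"strings"
)

// Field is a minimal model of one selected GraphQL field: the response name
// (alias or field name) and a canonical string for its arguments.
type Field struct {
	ResponseName string
	Args         string
}

// buildRepeatedQuery constructs the attacker-shaped query "{ a a a ... }"
// with n identical selections of the same field.
func buildRepeatedQuery(n int) string {
	return "{ " + strings.Repeat("a ", n) + "}"
}

// parseSelections tokenizes a flat selection set such as "{ a b c }".
// Only whitespace-separated field names are supported (no arguments, no
// nesting); arguments are left empty.
func parseSelections(query string) []Field {
	body := strings.TrimSpace(query)
	body = strings.TrimPrefix(body, "{")
	body = strings.TrimSuffix(body, "}")
	var fields []Field
	for _, name := range strings.Fields(body) {
		fields = append(fields, Field{ResponseName: name})
	}
	return fields
}

// conflicts reports whether two fields with the same response name cannot be
// merged: in this model, differing arguments. Identical fields merge.
func conflicts(a, b Field) bool { return a.Args != b.Args }

// pairwiseComparisons mirrors the unbounded rule: every pair of fields under
// the same response name is compared, n(n-1)/2 times for n repeats.
// It returns the number of comparisons and whether a conflict was found.
func pairwiseComparisons(fields []Field) (int, bool) {
	byName := map[string][]Field{}
	for _, f := range fields {
		byName[f.ResponseName] = append(byName[f.ResponseName], f)
	}
	comparisons, conflict := 0, false
	for _, group := range byName {
		for i := 0; i < len(group); i++ {
			for j := i + 1; j < len(group); j++ {
				comparisons++
				if conflicts(group[i], group[j]) {
					conflict = true
				}
			}
		}
	}
	return comparisons, conflict
}

// dedupedComparisons collapses fields that are identical in response name
// and arguments before comparing. Thousands of repeated "a" selections then
// cost one map insert each and zero comparisons; only distinct variants of a
// name are compared, and a conflicting pair always survives as two variants.
func dedupedComparisons(fields []Field) (int, bool) {
	distinct := map[string]map[string]Field{} // responseName -> args -> field
	for _, f := range fields {
		if distinct[f.ResponseName] == nil {
			distinct[f.ResponseName] = map[string]Field{}
		}
		distinct[f.ResponseName][f.Args] = f
	}
	comparisons, conflict := 0, false
	for _, variants := range distinct {
		list := make([]Field, 0, len(variants))
		for _, f := range variants {
			list = append(list, f)
		}
		for i := 0; i < len(list); i++ {
			for j := i + 1; j < len(list); j++ {
				comparisons++
				if conflicts(list[i], list[j]) {
					conflict = true
				}
			}
		}
	}
	return comparisons, conflict
}

func main() {
	fields := parseSelections(buildRepeatedQuery(5000))
	pair, _ := pairwiseComparisons(fields)
	dedup, _ := dedupedComparisons(fields)
	fmt.Printf("5000 repeated fields: pairwise=%d deduped=%d comparisons\n", pair, dedup)
}
```

Deduplication is only one mitigation; a depth or complexity limit applied before validation, and a cap on total selections per document, bound the same attacker input independently of how the rule is implemented.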
CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...
Incorrect Authorization
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the query validation. An authenticated user can access sensitive field values by wrapping...
CVE-2022-42424
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the validatequery routine used for FTS5 query validation. The regular expression used to tokenize user-supplied search strings contains nested repetition, allowing crafted input to trigger...
Path Traversal
Liferay Portal is vulnerable to path traversal. The vulnerability is due to improper validation of query strings in the ComboServlet, which allows an attacker to access arbitrary CSS/JS files and repeatedly load them to exploit the system...
EUVD-2025-10289
Malicious code in bioql PyPI...
EUVD-2022-38737
Malicious code in bioql PyPI...
EUVD-2024-44446
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-30192
An attacker spoofing answers to ECS-enabled requests sent out by the Recursor has a higher chance of success than against non-ECS-enabled queries. The updated versions include various mitigations against spoofing attempts on ECS-enabled queries by chaining ECS-enabled requests and enforcing stricter...
CVE-2025-29784 NamelessMC Has Lack of Length Validation for s Parameter in GET Requests
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to...
CVE-2025-32380
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
CVE-2025-31496
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
Apollo Router Core security vulnerability
Apollo Router Core is a router core application from Apollo. A security vulnerability exists in Apollo Router Core that stems from its query validation and can lead to resource consumption and denial of service...
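The Apollo Router and apollo-compiler entries above share one root cause: a named fragment was validated again for every spread of it, so a document in which each fragment spreads the next one several times costs fanout^depth work. The following added example (Go, written for this page; it is not apollo-compiler's Rust code) builds that document shape, counts fragment bodies walked when every spread re-validates its target, and counts them again when each named fragment is validated at most once and the result cached. Fragment, buildNestedFragments, CountNaive and CountMemo are illustrative names; both walks also reject fragment cycles, which GraphQL forbids.

```go
package main

import "fmt"

// Fragment is a minimal model of a GraphQL named fragment: its name, the
// fields it selects directly, and the named fragments it spreads.
type Fragment struct {
	Name    string
	Fields  []string
	Spreads []string
}

// buildNestedFragments constructs the attacker-shaped document: F0 spreads
// F1 `fanout` times, F1 spreads F2 `fanout` times, ... and F<depth> selects
// a single field. Every fragment is valid on its own.
func buildNestedFragments(depth, fanout int) map[string]Fragment {
	frags := map[string]Fragment{}
	for i := 0; i < depth; i++ {
		f := Fragment{Name: fmt.Sprintf("F%d", i)}
		for j := 0; j < fanout; j++ {
			f.Spreads = append(f.Spreads, fmt.Sprintf("F%d", i+1))
		}
		frags[f.Name] = f
	}
	leaf := fmt.Sprintf("F%d", depth)
	frags[leaf] = Fragment{Name: leaf, Fields: []string{"id"}}
	return frags
}

// countNaive walks a fragment body every time it is spread, the unmemoized
// behaviour. onPath holds the fragments on the current recursion path so a
// cycle (A spreads B spreads A) is reported instead of looping.
func countNaive(frags map[string]Fragment, name string, onPath map[string]bool) (int, error) {
	if onPath[name] {
		return 0, fmt.Errorf("fragment cycle through %s", name)
	}
	f, ok := frags[name]
	if !ok {
		return 0, fmt.Errorf("unknown fragment %s", name)
	}
	onPath[name] = true
	defer delete(onPath, name)
	visits := 1
	for _, spread := range f.Spreads {
		n, err := countNaive(frags, spread, onPath)
		if err != nil {
			return 0, err
		}
		visits += n
	}
	return visits, nil
}

// countMemo walks each named fragment at most once: a fragment already in
// done costs a map lookup, so total work is linear in fragments plus spreads.
func countMemo(frags map[string]Fragment, name string, onPath, done map[string]bool) (int, error) {
	if done[name] {
		return 0, nil
	}
	if onPath[name] {
		return 0, fmt.Errorf("fragment cycle through %s", name)
	}
	f, ok := frags[name]
	if !ok {
		return 0, fmt.Errorf("unknown fragment %s", name)
	}
	onPath[name] = true
	defer delete(onPath, name)
	visits := 1
	for _, spread := range f.Spreads {
		n, err := countMemo(frags, spread, onPath, done)
		if err != nil {
			return 0, err
		}
		visits += n
	}
	done[name] = true
	return visits, nil
}

// CountNaive and CountMemo return the number of fragment bodies walked
// starting from root, or an error for a cycle or unknown fragment.
func CountNaive(frags map[string]Fragment, root string) (int, error) {
	return countNaive(frags, root, map[string]bool{})
}

func CountMemo(frags map[string]Fragment, root string) (int, error) {
	return countMemo(frags, root, map[string]bool{}, map[string]bool{})
}

func main() {
	frags := buildNestedFragments(20, 2) // 21 fragments, 40 spreads
	naive, _ := CountNaive(frags, "F0")
	memo, _ := CountMemo(frags, "F0")
	fmt.Printf("depth 20, fanout 2: naive=%d walks, memoized=%d walks\n", naive, memo)
}
```

For depth d and fanout f the naive count is (f^(d+1) - 1)/(f - 1), so a document a few kilobytes long reaches millions of walks, while the memoized count is d + 1.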