Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-122 (ALASDOCKER-2026-122)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-122 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-123 (ALASDOCKER-2026-123)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-123 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C...

itsourcecode Courier Management System SQL注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter “s” in the file...

WordPress plugin Duplicate Page and Post SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-43602

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...

IBM Cloud APM 安全漏洞

IBM Cloud APM is an application performance monitoring and operations analysis platform provided by the American multinational company IBM. There are security vulnerabilities in the IBM Cloud APM Base Private 8.1.4 version and the IBM Cloud APM Advanced Private 8.1.4 version. These vulnerabilitie...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

PT-2026-43708

Name of the Vulnerable Software and Affected Versions IBM Cloud APM, Base Private version 8.1.4 IBM Cloud APM, Advanced Private version 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server affected versions not specified Description An authenticated user can cause a denial of...

PT-2026-43611

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-43553

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-43612

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the automated...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...

CVE-2025-69600

CVE-2025-69600 affects RayVentory Raynet RVIA 12.6.4392.49-amd64.deb. Root cause is Argument Injection in an improperly terminated find command used to locate Java, enabling local attackers to execute arbitrary code via commands injected through getconfig, upload, or oracle options (and inventory...

PT-2026-43557

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-119 (ALASECS-2026-119)

The version of runc installed on the remote host is prior to 1.3.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-119 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...

ROS-20260527-73-0004

Vulnerability in openbao due to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVE-2025-69600

Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options...

PT-2026-44058

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.4 Description The buildMatcherRegex and matches functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, whi...

PT-2026-43625

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...