Exploit for Untrusted Pointer Dereference in Microsoft

CVE-2026-40369: Defensive Analysis of the 12-Byte Windows Kern...

MAL-2026-4429 Malicious code in @rui.branco/sentry-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8504c65903895f53054fc6df861469ddbac73c130793bd784d47eca8ef2cd65b On every load of index.js the package's main and bin entry, the package queries GitHub for the latest commit SHA on HEAD of rui-branco/sentry-mcp and...

CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

CVE-2026-48237

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

CVE-2026-48235

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

Incorrect Synchronization

Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Incorrect Synchronization via the query.batch function. An attacker can access data belonging to other users by exploiting a race condition that causes concurrent requests from different...

GHSA-HGV7-V322-MMGR @sveltejs/kit: `query.batch` cross-talk

query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...

@sveltejs/kit: `query.batch` cross-talk

query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...

CVE-2026-48239

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tickid POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query...

CVE-2026-48235

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

EUVD-2026-31314

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...

CVE-2026-48231

Open ISES Tickets prior to 3.44.2 contains a SQL injection in tables.php. The vulnerability arises because multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization, allowi...

RLSA-2026:3752 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: crypto/x50...

Security Bulletin: IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query (CVE-2026-6938)

Summary IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query Vulnerability Details CVEID:CVE-2026-6938 DESCRIPTION: IBM Db2 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap (CVE-2026-6051)

Summary IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. Vulnerability Details CVEID:CVE-2026-6051 DESCRIPTION: IBM Db2 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

CVE-2026-39531 WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the extension failing to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of...

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-361...

CVE-2026-44047

An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service...