Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

NPM: n8n Has a Source Control Pull SQL Injection

NPM: n8n Has a Source Control Pull SQL Injection vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

n8n Has a Source Control Pull SQL Injection

Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection ...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the refint process. An attacker can execute arbitrary code as the operating system user running the database or execute arbitrary SQL as the database user performing a primary key update by providing...

Improper Neutralization of Special Elements in Data Query Logic

Overview @strapi/strapi is an updated version of the old 'strapi', which is a free and open-source headless CMS delivering your content anywhere you need. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the query parameter...

GHSA-9MHV-8H52-Q7Q2 Absinthe: Quadratic fragment-name uniqueness check

Summary An unauthenticated attacker can stall an Absinthe-backed GraphQL endpoint by submitting a query that contains many fragment definitions. The fragment-name uniqueness validation phase is ON² in the number of fragments, so a single modestly-sized request burns seconds of CPU per worker, and...

CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

CVE-2026-6575 PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array

Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...

CVE-2025-11024 SQLi in Akıllı Ticaret's E-Commerce Pack

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVE-2026-6206

The MW WP Form plugin for WordPress (versions

jq: stack overflow in module loading on mutual `include`

...

CVE-2026-6225

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2026-6225

The CVE concerns the WordPress plugin Taskbuilder – Project Management & Task Management Tool With Kanban Board . It is vulnerable to a time-based blind SQL Injection via the 'project_search' parameter in all versions up to and including 5.0.6 , caused by insufficient escaping and inadequate prep...

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Directory Kit versions = 1.5.1...

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

EUVD-2026-30203

Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...