
10 matches found

CVE
added 2026/05/07 1:57 p.m. | 8 views

CVE-2026-44349

Daptin CVE-2026-44349: The fuzzy search path on /api/ accepts a user-supplied column list and interpolates it into raw SQL without a column whitelist, enabling an authenticated user to read the entire database on vulnerable versions. Affected component: processFuzzySearch in server/resource/resou...

7.1 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits 0 | References 2
OSV
added 2026/03/12 6:32 p.m. | 2 views

GHSA-92GP-JFGX-9QPV Hyperterse: Raw exposure of database statements in MCP search tool

Hyperterse allows users to specify database queries for tools to execute under the hood. As of v2.0.0, there are only two tools exposed - search and execute. The search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL...

6.5 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 0 | References 4
Snyk
added 2026/03/12 6:32 p.m. | 2 views

Unparsed Raw Web Content Delivery

Overview: hyperterse is a declarative interface to connect your database to your AI agents. Affected versions of this package are vulnerable to Unparsed Raw Web Content Delivery in the search process. An attacker can gain unauthorized access to raw SQL queries by submitting search requests,...

6.9 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 0 | References 2
GitHub Security Blog
added 2026/03/12 6:32 p.m. | 5 views

Hyperterse: Raw exposure of database statements in MCP search tool

Hyperterse allows users to specify database queries for tools to execute under the hood. As of v2.0.0, there are only two tools exposed - search and execute. The search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL...

6.5 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits 0 | References 4 | Affected Software 1
OSSF Malicious Packages
added 2025/07/15 9:15 a.m. | 2 views

Malicious code in ecinc-cloud-moaxmpp (npm)

Package exhibits multiple malicious behaviors: Office doc access/encryption, DB interaction, local storage clearing, arbitrary code execution, /dev/shm ref. The code includes a native bridge that allows it to execute arbitrary SQL queries on a mobile device’s database when used within a specific...

8.1 AI score
Exploits 0 | References 1
Snyk
added 2024/05/06 2:20 p.m. | 1 views

Resource Exhaustion

Overview: Affected versions of this package are vulnerable to Resource Exhaustion when handling specially crafted p2p messages. A vulnerable node can be made to consume very large amounts of memory. Remediation: Upgrade github.com/microstack-tech/parallax/core/rawdb to version 0.1.4 or higher...

8.7 CVSS | 7.4 AI score | 0.00607 EPSS
Exploits 0 | References 3
Packet Storm
added 2019/11/11 12:0 a.m. | 68 views

PunBB 1.4.4 Database Disclosure

From https://j.ludost.net/blog/archives/2019/11/11/minorsecurityissueinpunbbwithsqlite/index.html Minor security issue in punbb with SQLite Georgi Guninski security advisory 76, 2019 Running punbb-master from https://github.com/punbb/punbb from Thu 07 Nov 2019 11:23:33 AM UTC Installing on...

7.4 AI score
Exploits 0
Exploit DB
added 2006/04/15 12:0 a.m. | 53 views

Symantec Sygate Management Server - 'LOGIN' SQL Injection (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

7.4 AI score
Exploits 0
0day.today
added 2006/04/15 12:0 a.m. | 63 views

Symantec Sygate Management Server (login) SQL Injection Exploit

Exploit for cgi platform in category web applications. Symantec Sygate Management Server login SQL Injection Exploit. This file is part of the Metasploit Framework and may...

7.1 AI score
Exploits 0
exploitpack
added 2006/04/15 12:0 a.m. | 11 views

Symantec Sygate Management Server - LOGIN SQL Injection (Metasploit)

Symantec Sygate Management Server - LOGIN SQL Injection Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...

0.5 AI score
Exploits 0