AgenticMail API/storage and outbound relay hardening fixes

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

EUVD-2026-17349

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

PT-2026-29215

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

PT-2026-28472

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description The application is designed for managing recipes, planning meals, and creating shopping lists. A hidden query parameter, ?debug=true, within the Recipe API endpoint reveals the complete raw S...

EUVD-2026-11617

Hyperterse: Raw exposure of database statements in MCP search tool...

CVE-2026-31841

Hyperterse prior to v2.2.0 exposes raw SQL queries in search results, leaking statements intended to run covertly. Affects the Hyperterse tool-first MCP framework’s search component; vulnerability arises from returning executed-under-the-hood SQL alongside results. Impact per CVSS: Confidentialit...

PT-2026-25015

Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were...

MongoDB Server 安全漏洞

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server versions prior to 8.0.5,...

SUSE CVE-2017-9103

An issue was discovered in adns before 1.5.2. papmailbox822 does not properly check st from adnsfindlabelnext. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling progra...

CVE-2022-23320

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...

DEBIAN-CVE-2017-9103

An issue was discovered in adns before 1.5.2. papmailbox822 does not properly check st from adnsfindlabelnext. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling progra...

UBUNTU-CVE-2017-9103

An issue was discovered in adns before 1.5.2. papmailbox822 does not properly check st from adnsfindlabelnext. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling progra...

PT-2020-8501 · Adns +2 · Adns +2

Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2 Description: An issue in pap mailbox822 does not properly check st from adns findlabel next, potentially allowing an attacker to crash the program, leak memory contents, allocate excessive memory, or overrun a...

Cross-site Scripting (XSS)

akka-http is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as raw queries were being shown on the error message, allowing XSS attacks...