CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

EUVD-2026-23293

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...

CVE-2026-6000

A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The...

CVE-2026-5960

CVE-2026-5960 concerns a weakness in code-projects’ Patient Record Management System 1.0, affecting the file /db/hcpms.sql within the SQL Database Backup File Handler. The issue can lead to information disclosure and is exploitable remotely. The exploit is publicly available and categorized with ...

CVE-2026-5960 code-projects Patient Record Management System SQL Database Backup File hcpms.sql information disclosure

A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The...

EUVD-2026-14516

MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005379 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containin...

CVE-2025-15585

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration...

[SECURITY] Fedora 43 Update: atuin-18.6.1-10.fc43

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

EUVD-2025-206357

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

MiracleLinux 7 : mysql55-mysql-5.5.52-1.el7 (AXSA:2016-716:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-716:03 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...

[SECURITY] Fedora 42 Update: mariadb10.11-10.11.15-1.fc42

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

CVE-2021-31817

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext...

CVE-2022-38583

On versions of Sage 300 2017 - 2022 6.4.x - 6.9.x which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the...

CVE-2024-39701

Directus is a real-time API and App dashboard for managing SQL database content. Directus =9.23.0, =v10.5.3 improperly handles in, nin operators. It evaluates empty arrays as valid so expressions like "role": "in": $CURRENTUSER.somefield would evaluate to true allowing the request to pass. This...

CVE-2025-14200 alokjaiswal Hotel-Management-services-using-MYSQL-and-php Request Pending usersub.php cross site scripting

A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possibl...

PT-2025-49414

Name of the Vulnerable Software and Affected Versions alokjaiswal Hotel-Management-services-using-MYSQL-and-php versions up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f Description A security issue exists in alokjaiswal Hotel-Management-services-using-MYSQL-and-php. The issue is related to cross...

CVE-2025-41076 Multiple vulnerabilities in Limesurvey

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

EUVD-2025-122629

Malicious code in request-event-antares-sqlite npm...