PT-2026-26096
Summary The @aborruso/ckan-mcp-server MCP server provides tools including ckan package search and sparql query that accept a base url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal...
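The check the entry above says is missing is a base URL validator that refuses non-HTTP schemes, embedded credentials, hosts outside an operator allowlist, and any host whose literal or resolved address is loopback, link-local (including the 169.254.169.254 metadata endpoint), private or otherwise non-global. The following is an added example, not code from the ckan-mcp-server project; the allowlist entries, the function names and the resolver table are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed operator-configured allowlist of CKAN portals (illustrative values,
# not part of the ckan-mcp-server project). None means "any public host".
ALLOWED_HOSTS = {"demo.ckan.org", "catalog.data.gov"}


def default_resolver(host):
    """Resolve a hostname to the set of addresses a TCP client would use."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def make_resolver(table):
    """Build an offline resolver from {hostname: [ip, ...]} (for tests)."""
    parsed = {h.lower(): {ipaddress.ip_address(a) for a in addrs}
              for h, addrs in table.items()}

    def resolver(host):
        if host.lower() not in parsed:
            raise OSError(f"no such host: {host}")
        return parsed[host.lower()]

    return resolver


def is_public(ip):
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 literals such as ::ffff:10.0.0.1 are unwrapped first so
    they cannot be used to smuggle a private IPv4 target past the check.
    """
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_base_url(url, allowlist=ALLOWED_HOSTS, resolver=default_resolver):
    """Return (ok, reason) for a user-supplied CKAN base URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme must be http or https"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if allowlist and host.lower() not in allowlist:
        return False, f"host {host!r} is not an allowed CKAN portal"
    try:
        # Literal IP address: check it directly, no DNS involved.
        targets = {ipaddress.ip_address(host)}
    except ValueError:
        try:
            targets = resolver(host)
        except OSError as exc:
            return False, f"cannot resolve {host!r}: {exc}"
    for ip in targets:
        if not is_public(ip):
            return False, f"{host!r} resolves to non-public address {ip}"
    return True, "ok"
```

Validation and the later connection each resolve the name, so a DNS-rebinding attacker can still pass the check and then point the name at an internal address; connect to the address that was validated (or re-run the check on every redirect) rather than to the hostname.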
VulnCheck KEV: CVE-2025-8868
In Progress Chef Automate versions earlier than 4.13.295 on the Linux x86 platform, an authenticated attacker can gain access to restricted Chef Automate functionality in the compliance service via improperly neutralized inputs used in an SQL command, using a well-known token...
Travel Management System /updatepackage.php File SQL Injection Vulnerability
Travel Management System suffers from a SQL injection vulnerability caused by missing validation of the externally supplied s1 parameter in the file /updatepackage.php, which is used directly in an SQL statement. An attacker can exploit this vulnerability to execute...
Ubuntu: Security Advisory (USN-7530-1)
The remote host is missing an update for the package referenced in the Ubuntu security advisory USN-7530-1...
Exploit for Code Injection in Langchain Langchain-Experimental
PoC for CVE-2024-21513. Original exploit documen...
CVE-2024-38289
TurboMeeting (R-HUB) versions through 8.x are affected by a boolean-based SQL injection in the Virtual Meeting Password (VMP) endpoint. The issue allows unauthenticated remote attackers to extract hashed passwords and authenticate via crafted SQL input. Affected software: RHUB TurboMeeting (up to...
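The entry above describes the mechanism behind most SQL injection findings on this page: untrusted input spliced into SQL text, which in a boolean-based case lets the attacker recover stored password hashes one character at a time from nothing more than a true/false response. The following is an added example, not TurboMeeting's or any other listed product's code; the table, column names and the stand-in check functions are assumptions, and the database is a constructed in-memory SQLite table.

```python
import hashlib
import sqlite3


def build_db():
    """Constructed sample data: one account with a SHA-256 password hash."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    con.execute("INSERT INTO users VALUES (?, ?)",
                ("admin", hashlib.sha256(b"s3cret").hexdigest()))
    return con


def stored_hash(con, name):
    """Legitimate lookup used only to check what the attack recovers."""
    return con.execute("SELECT pw_hash FROM users WHERE name=?",
                       (name,)).fetchone()[0]


def check_vmp_vulnerable(con, name, vmp):
    # Vulnerable pattern: the supplied password hash is concatenated into
    # the SQL string, so the quoting can be broken out of.
    q = f"SELECT COUNT(*) FROM users WHERE name='{name}' AND pw_hash='{vmp}'"
    return con.execute(q).fetchone()[0] > 0


def check_vmp_fixed(con, name, vmp):
    # Hardened form: bound parameters; the input is only ever data.
    q = "SELECT COUNT(*) FROM users WHERE name=? AND pw_hash=?"
    return con.execute(q, (name, vmp)).fetchone()[0] > 0


def extract_hash_boolean(con, name, length=64, check=check_vmp_vulnerable):
    """Boolean-based blind extraction against the vulnerable check.

    Each probe only yields "login ok" or "login failed", yet that is enough
    to recover the hex hash one position at a time (16 guesses per digit).
    """
    alphabet = "0123456789abcdef"
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            # Closes the pw_hash literal, adds a condition on one hash digit,
            # and re-opens a literal so the trailing quote still parses:
            #   ... AND pw_hash='' OR substr(pw_hash,N,1)='c' AND name='admin'
            payload = f"' OR substr(pw_hash,{pos},1)='{ch}' AND name='{name}"
            if check(con, name, payload):
                recovered += ch
                break
        else:
            raise RuntimeError(f"no candidate matched at position {pos}")
    return recovered


if __name__ == "__main__":
    con = build_db()
    print("recovered:", extract_hash_boolean(con, "admin"))
    print("matches stored hash:",
          extract_hash_boolean(con, "admin") == stored_hash(con, "admin"))
    print("bypass against fixed check:",
          check_vmp_fixed(con, "admin", "' OR 1=1 --"))
```

The same attack run against check_vmp_fixed raises at the first position because no payload ever changes the query's structure; bound parameters (or, where a driver lacks them, the driver's own escaping function rather than hand-rolled quoting) are the fix behind every advisory in this list.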
jeecg SQL Injection Vulnerability
Jeecg-Boot is a low-code platform based on a code generator. A SQL injection vulnerability exists in Jeecg-Boot v3.5.3 and earlier versions, which stems from a lack of validation of externally entered SQL statements in the component /jeecg-boot/jmreport/show. An attacker can exploit this...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
Important: Red Hat Security Advisory: cyrus-sasl security update
An update for cyrus-sasl is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Important: Red Hat Security Advisory: cyrus-sasl security update
An update for cyrus-sasl is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CLSA-2022-1646061301 Fix of CVE: CVE-2022-24407
CVE-2022-24407: Fix failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands rhbz2055846...
CLSA-2022-1646061219 Fixed CVE-2022-24407 in cyrus-sasl
CVE-2022-24407: Fix failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands...
Important: Red Hat Security Advisory: cyrus-sasl security update
An update for cyrus-sasl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
ALSA-2022:0658 Important: cyrus-sasl security update
The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols. Security Fixes: cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL...
RHEL 8 : cyrus-sasl (RHSA-2022:0658)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0658 advisory. The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication...
USN-5301-1: Cyrus SASL vulnerability
It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...
Elite Graphix Elite Cms SQL Injection Vulnerability
Elite Graphix Elite Cms is a web content management system written in PHP by Elite Graphix India, a platform for storing and organizing information and documents. Elite Graphix Elite Cms suffers from a SQL injection vulnerability caused by missing validation of externally supplied input used in SQL...
GHSA-PGHF-347X-C2GJ SQL Injection in django-debug-toolbar
Impact With Django Debug Toolbar attackers are able to execute SQL by changing the rawsql input of the SQL explain, analyze or select forms and submitting the form. NOTE: This is a high severity issue for anyone using the toolbar in a production environment. Generally the Django Debug Toolbar tea...
PNPSCADA SQL Injection Vulnerability
A SQL injection vulnerability exists in PNPSCADA, caused by missing validation of externally supplied input used in SQL statements. An attacker can exploit this vulnerability to execute arbitrary SQL commands...
YouPHPTube SQL Injection Vulnerability
YouPHPTube is a PHP-based video website system. A SQL injection vulnerability exists in YouPHPTube version 7.6, caused by missing validation of externally supplied input used in SQL statements, and can be exploited by attackers to execute arbitrary SQL commands...