[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

agno SQL注入漏洞

Agno is an open-source full-stack framework developed by Agno for building multi-agent systems with memory, knowledge, and reasoning capabilities. Version 2.6.5 of Agno contains a SQL injection vulnerability. This vulnerability stems from SQL injections in the ClickHouse vector database backend,...

Kados R10 GreenBee SQL注入漏洞

Kados R10 GreenBee is a web-based project management and collaboration tool developed by Kados OpenSource. Kados R10 GreenBee has a SQL injection vulnerability. This vulnerability arises from the fact that the featureid parameter in boardsbuttons/updatefeature.php is not cleaned properly, resulti...

PT-2026-44877

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick lat and tick lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

PT-2026-44870

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log activity function. Attackers can send POST requests to /index.php/user/log activity with malicious SQL code ...

PT-2026-44760

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

PT-2026-44881

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to city graph.php with crafted SQL payloads to extract sensitive databas...

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the namakelompok POST parameter, which may allow...

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

PT-2026-44872

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release id parameter of boards buttons/update release.php. The release id value is concatenated directly into SQL statements...

PT-2026-44879

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever graph.php with crafted SQL payloads to extract sensitive databa...

Bolt CMS 安全漏洞

Bolt CMS is an open-source content management system based on PHP, developed by Bolt CMS. Versions of Bolt CMS 3.7.0 and earlier contain security vulnerabilities, which stem from SQL injection vulnerabilities in the order parameter of the content list page. Attackers with low privileges and...

CVE-2026-39229

Bolt CMS up to version 3.7.0 is affected by an SQL Injection in the order parameter of content listing pages, exploitable by an authenticated attacker with low privileges via the OrderDirective component. This can lead to extraction of sensitive information. The CVSS 3.1 base score is 6.5 (Medium...

PT-2026-44757

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

Maxon ERP SQL注入漏洞

Maxon ERP is an ERP software developed by Maxon ERP Corporation. The SQL injection vulnerability exists in versions 8.x to 9.x of Maxon ERP Software. This vulnerability stems from the nomor, user, and jenis parameters in the logactivity function, which may allow authenticated users to execute...

PT-2026-44864

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

FreePBX SQL注入漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI web-based graphical interface. Versions of FreePBX prior to 16.0.50 and 17.0.11 contained a SQL injection vulnerability. This vulnerability stemmed from the CDR Reports...

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

📄 OpenCATS 0.9.7.4 SQL Injection

OpenCATS version 0.9.7.4 suffers from a remote SQL injection vulnerability. Exploit Title: OpenCATS 0.9.7.4 - SQL Injection Exploit Author: Gabriel Rodrigues TEXUGO from HAKAI Vendor Homepage: https://www.opencats.org Software Link: https://github.com/opencats/OpenCATS Version: 1 else...

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ticklat and tickln...