233676 matches found
CVE-2026-34187
The CVE-2026-34187 vulnerability affects Pandora FMS, specifically versions 777 through 800. It is described as an improper neutralization of special elements used in an SQL command, enabling SQL Injection via a graph container parameter. According to the NVD metrics, the issue has a CVSS v3.1 ba...
CVE-2026-34187 SQL Injection in Graph Container Parameter
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8111
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...
CVE-2026-8111
CVE-2026-8111 describes an SQL injection in the web console of Ivanti Endpoint Manager prior to 2024 SU6. The vulnerability allows a remote authenticated attacker to achieve remote code execution via the web console, as indicated by the description and CVSS metrics (High, 8.8). Affected product: ...
CVE-2026-38567
HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...
CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
CVE-2026-32687
CVE-2026-32687 describes an SQL injection in elixir-ecto postgrex via Elixir.Postgrex.Notifications.listen/3 and unlisten/3. The channel argument is interpolated directly into LISTEN/UNLISTEN statements without escaping quotes, enabling an attacker who controls the channel name to inject arbitrar...
EEF-CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
Summary Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
CVE-2026-43937
Summary: CVE-2026-43937 affects YetAnotherForum.NET (YAF.NET) prior to 4.0.5. An admin handler (OnPost… in /Admin/RunSql) can bypass authorization due to PageSecurityCheckAttribute executing after the handler, allowing arbitrary SQL execution via IDbAccess.RunSql when a low-privileged user posts ...
CVE-2026-43937 YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`
YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...
CVE-2026-43937 YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`
YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...
KB5089899 - Description of the security update for SQL Server 2025 CU4: May 12, 2026
KB5089899 - Description of the security update for SQL Server 2025 CU4: May 12, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update Ho...
KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026
KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...
SQL Server Remote Code Execution Vulnerability
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026
KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information...
KB5089271 - Description of the security update for SQL Server 2016 SP3 GDR: May 12, 2026
KB5089271 - Description of the security update for SQL Server 2016 SP3 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...
KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026
KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary...
KB5090407 - Description of the security update for SQL Server 2019 CU32: May 12, 2026
KB5090407 - Description of the security update for SQL Server 2019 CU32: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information...