Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016788)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016788 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing...

Unity Linux 20.1050e / 20.1070e Security Update: python-PyMySQL (UTSA-2026-017341)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017341 advisory. PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict. Tenable has extracted the preceding...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016807 advisory. An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016806)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016806 advisory. An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.ext...

CVE-2026-42287

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been...

CVE-2026-42287

Summary: CVE-2026-42287 affects Emlog before version 2.6.11, where direct SQL injection in article creation and update can occur via the log_model.php functions addLog() and updateLog(). The underlying issue is unsafeguarded SQL construction that allows attackers to execute arbitrary SQL commands...

EUVD-2026-28842

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been...

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

SQL Injection

Overview @mikro-orm/sql is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via improper...

@mikro-orm/entity-generator (>=7.0.0 <=7.0.14-dev.14), @mikro-orm/libsql (>=7.0.0 <=7.0.14-dev.14) +9 more potentially affected by CVE-2026-44680 via @mikro-orm/sql (>=7.0.0-dev.100 <=7.0.14-dev.9)

@mikro-orm/sql NPM version =7.0.0-dev.100, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.14-dev.14 - @reldens/cms =0.61.0 - @reldens/storage =0.93.0 Source cves: CVE-2026-44680 Source advisory: SNYK:JS-MIKROORMSQL-16624726...

GHSA-CFW5-68C4-FFQP MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

[SECURITY] [DSA 6256-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6256-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq -...

[SECURITY] [DSA 6255-1] php8.2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6255-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq -...

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

SQL Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41889

CVE-2026-41889 affects the pgx PostgreSQL driver for Go. Before version 5.9.2, using the non-default simple protocol with a dollar-quoted string containing text that can be interpreted as a placeholder outside of a string literal allows SQL injection when the placeholder value is attacker-control...

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...