PT-2026-42228

Name of the Vulnerable Software and Affected Versions Drupal core versions 8.9.0 through 10.4.9 Drupal core versions 10.5.0 through 10.5.9 Drupal core versions 10.6.0 through 10.6.8 Drupal core versions 11.0.0 through 11.1.9 Drupal core versions 11.2.0 through 11.2.11 Drupal core versions 11.3.0...

TONNET E-LAN Hybrid Recording System SQL注入漏洞

TONNET E-LAN Hybrid Recording System is a hybrid voice recording management system designed for communication and call center scenarios by Tonnet International TONNET Company, Taiwan, China. The TONNET E-LAN Hybrid Recording System has a SQL injection vulnerability, which can allow unauthorized...

Fedora 43 : proftpd (2026-4ddb108952)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4ddb108952 advisory. This update contains an updated modwrap2sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed...

CVE-2026-44923

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

Drupal 10.x < 10.4.10 / 10.5.x < 10.5.10 / 10.6.x < 10.6.9 / 11.1.x < 11.1.10 / 11.2.x < 11.2.12 / 11.3.x < 11.3.10 Drupal Vulnerability (SA-CORE-2026-004)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.x prior to 10.4.10, 10.5.x prior to 10.5.10, 10.6.x prior to 10.6.9, 11.1.x prior to 11.1.10, 11.2.x prior to 11.2.12, or 11.3.x prior to 11.3.10. It is, therefore, affected by a vulnerability. -...

Fedora 44 : proftpd (2026-871243b391)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-871243b391 advisory. This update contains an updated modwrap2sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed...

PT-2026-42194

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

Allocation of Resources Without Limits or Throttling

Overview sqlfluff is a The SQL Linter for Humans Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Parser, ParseContext, and Rust parser match-tree handling in the parser components. An attacker can force excessive parse-tree grow...

Uncontrolled Recursion

Overview sqlfluffrs is a The SQL Linter for Humans Affected versions of this package are vulnerable to Uncontrolled Recursion through the ParseContext and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deepl...

BillaBear is Vulnerable to SQL Injection in the EventRepository

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

GHSA-XP6R-8PCC-XV5P BillaBear is Vulnerable to SQL Injection in the EventRepository

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

CLSA-2026-1779204107 php: Fix of 6 CVEs

CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7262: fix broken Apache map value NULL check in soap encoder GHSA-hmxp-6pc4-f3vv - CVE-2026-7568: fix signed integer overflow of char array offset in metaphone GHSA-96wq-48vp-hh57 - CVE-2026-7261:...

CLSA-2026-1779203719 php: Fix of 6 CVEs

CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7262: fix broken Apache map value NULL check in soap encoder GHSA-hmxp-6pc4-f3vv - CVE-2026-7568: fix signed integer overflow of char array offset in metaphone GHSA-96wq-48vp-hh57 - CVE-2026-7261:...

CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

py-waf

py-waf Python rever...

CVE-2026-8912

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...

CVE-2026-42100

Technical details (affected products/versions, root cause, impact, mitigation) are not publicly available in the provided documents. Monitor for updates as new information may be published.

EUVD-2026-30932

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...