CVE-2026-40824

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

GHSA-P9W4-585H-G3C7 biscuit-auth vulnerable to public key confusion in third party block

Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it: - the public key of the previous block used in the signature - t...

MariaDB 10.1.x < 10.1.7 Multiple Vulnerabilities

The version of MariaDB running on the remote host is 10.1.x prior to 10.1.7. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the baselistiterator::nextfast function within file sql/sqlparse.cc when handling multi-table updates. An...

CVE-2004-0837

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service crash or hang via multiple threads that simultaneously alter MERGE table UNIONs...