134 matches found
CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
EUVD-2026-39752
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...
CVE-2026-48772
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...
CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...
CVE-2026-48773
Summary of CVE-2026-48773 : ProxySQL (versions 2.0.18–3.0.8) contains a pre-authentication heap memory corruption in the MySQL/PostgreSQL protocol first-read paths. A remote, unauthenticated client can declare an oversized first packet length, and ProxySQL passes that attacker-controlled length t...
PT-2026-51016
Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.18 through 3.0.8 Description ProxySQL contains a pre-authentication heap memory corruption issue within the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can trigger this by declaring an...
CVE-2026-48886
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
EUVD-2026-36860
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
PT-2026-49491
Name of the Vulnerable Software and Affected Versions JS Help Desk versions prior to 3.0.10 Description Broken Access Control allows unauthenticated users to bypass security restrictions. Recommendations Update to version 3.0.10 or later...
PT-2026-49490
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
CVE-2026-42276
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...
WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by sequenceX0 in WordPress Plugin JS Help Desk versions = 3.0.9...
PT-2026-51015
Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.0 through 3.0.8 Description The MySQL frontend incorrectly processes the PROXY UNKNOWN r PP1 frame of the PROXY protocol v1. According to the specification, when the protocol token is UNKNOWN, the receiver must ignore...
CVE-2026-42276 Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users chat sessions
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...
CVE-2026-40490
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
Async Http Client 安全漏洞
Async Http Client is an open-source Java-based asynchronous HTTP and WebSocket client library developed by AsyncHttpClient. Versions prior to 3.0.9 and 2.14.5 of Async Http Client had security vulnerabilities. These vulnerabilities stemmed from the redirection process, where authorization headers...
AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects
Impact When redirect following is enabled followRedirecttrue, AsyncHttpClient forwards Authorization and Proxy-Authorization headers along with Realm credentials to arbitrary redirect targets regardless of domain, scheme, or port changes. This leaks credentials on cross-domain redirects and...
EUVD-2026-11860
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through = 3.0.9...
CVE-2026-32366
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through = 3.0.9...