Tag

Database

9 briefs RSS

Agno 2.6.5 ClickHouse Backend SQL Injection (CVE-2026-10105)

Agno 2.6.5 is vulnerable to SQL injection in the ClickHouse vector database backend (CVE-2026-10105), enabling attackers to inject arbitrary SQL expressions via malicious metadata in the delete_by_metadata() method, potentially leading to data deletion or information extraction.

agno 2.6.5 sql-injection cve-2026-10105 database

2r 1t 1c 3w ago

critical advisory

CVE-2026-46833: Oracle Database Server Net Service Takeover

2 rules 1 CVE

CVE-2026-46833 allows an unauthenticated attacker with network access via TLS to compromise the Net Service component of Oracle Database Server versions 23.4.0 through 23.26.2, potentially leading to takeover of the Net Service and significant impact on other products.

Database Server +1 cve oracle database netservice rce network

2r 1c 3w ago

critical advisory

Multiple Vulnerabilities in Oracle MySQL

2 rules

A remote, anonymous, or authenticated attacker can exploit multiple vulnerabilities in Oracle MySQL to compromise confidentiality, integrity, and availability.

MySQL vulnerability database exploitation

2r 3w ago

high advisory

Open ISES Tickets Hardcoded MySQL Credentials Vulnerability (CVE-2026-48241)

2 rules 1 TTP 1 CVE

Open ISES Tickets before version 3.44.2 contains hardcoded MySQL database credentials in loader.php, allowing an attacker with access to the source code or the file on a deployed installation to read the username, password, and database name and use them to connect to the database (CVE-2026-48241).

Tickets < 3.44.2 cve hardcoded credentials vulnerability database

2r 1t 1c May 21, 2026

high advisory

Anviz CrossChex Standard TDS7 PreLogin Encryption Vulnerability

2 rules 1 TTP 1 CVE 1 IOC

Anviz CrossChex Standard is vulnerable to unauthorized database access due to the manipulation of TDS7 PreLogin, which disables encryption, leading to plaintext transmission of database credentials.

cve-2026-32650 credential-access database

2r 1t 1c 1i Apr 18, 2026

high advisory

Firebird Server Denial-of-Service Vulnerability (CVE-2026-28224)

2 rules 1 TTP 1 CVE

An unauthenticated attacker can trigger a denial-of-service condition on vulnerable Firebird servers by sending a specially crafted op_crypt_key_callback packet, leading to a null pointer dereference and server crash.

cve-2026-28224 denial-of-service firebird database

2r 1t 1c Apr 18, 2026

critical advisory

Firebird Path Traversal Vulnerability Leads to Code Execution (CVE-2026-40342)

2 rules 2 TTPs 1 CVE

An authenticated user with CREATE FUNCTION privileges can exploit a path traversal vulnerability in Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14, to load an arbitrary shared library leading to code execution as the server's OS account.

firebird path-traversal code-execution cve-2026-40342 database

2r 2t 1c Apr 17, 2026

critical advisory

Oracle MySQL Multiple Vulnerabilities

2 rules 1 TTP

A remote attacker, either anonymous or authenticated, can exploit multiple vulnerabilities in Oracle MySQL to compromise confidentiality, integrity, and availability.

mysql vulnerability database

2r 1t Mar 24, 2026

critical advisory

ELBA5 5.8.0 Remote Code Execution Vulnerability

2 rules 3 TTPs 1 CVE

ELBA5 version 5.8.0 contains a remote code execution vulnerability (CVE-2018-25272) that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions, potentially leading to complete system compromise.

ELBA5 5.8.0 rce database credential-access cve-2018-25272 elba5

2r 3t 1c Jan 2, 2024