Critical Alert 3 Active Exploits Detected Today

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability →
CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability →
CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-38158NVD

Vulnerability Summary

A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements.
Severity Level
CRITICAL(9.8)
Published Date
Jul 16, 2026
Last Modified
Jul 17, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
0.16%Probability
Root Weakness (CWE)
Improper neutralization of special elements used in an SQL command, allowing attackers to modify queries.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh