database security Archives • Page 2 of 2 • Daily CyberSecurity

Critical SQL Injection Vulnerability Found in ‘ormar’ Python Library Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Critical SQL Injection Vulnerability Found in ‘ormar’ Python Library

Do Son February 26, 2026

A major security flaw has been unearthed in ormar, a popular asynchronous mini Object-Relational Mapper (ORM) for...

PostgreSQL Fixes 5 Security Flaws Including Critical Code Execution Risks PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Fixes 5 Security Flaws Including Critical Code Execution Risks

Do Son February 18, 2026

The PostgreSQL Global Development Group has issued a critical alert for database administrators worldwide, releasing a comprehensive...

MongoDB Flaw Allows Unauthenticated Attackers to Crash Database Servers MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Flaw Allows Unauthenticated Attackers to Crash Database Servers

Do Son February 12, 2026

MongoDB has issued a warning regarding a high-severity vulnerability that could allow attackers to remotely crash database...

CVE-2026-23906: Authentication Bypass Flaw Hits Apache Druid Analytics Clusters Apache Druid Vulnerability CVE-2026-23906

CVE-2026-23906: Authentication Bypass Flaw Hits Apache Druid Analytics Clusters

Do Son February 11, 2026

The Apache Software Foundation has released a security update for Apache Druid, the high-performance real-time analytics database,...

Critical SAP Alert: Code Injection (CVSS 9.9) Exposes S/4HANA Databases SAP Security Patches CVE-2026-27685 SAP Security Update CVE-2026-0488 CVE-2024-47578 - CVE-2025-0070 and CVE-2025-0066

SAP Security Patches CVE-2026-27685 SAP Security Update CVE-2026-0488 CVE-2024-47578 - CVE-2025-0070 and CVE-2025-0066

Critical SAP Alert: Code Injection (CVSS 9.9) Exposes S/4HANA Databases

Do Son February 10, 2026

SAP has released its security update for February 2026, issuing patches for 26 new vulnerabilities across its...

CVE-2026-25544: Critical Payload CMS SQLi (CVSS 9.8) Exposes Admin Tokens Payload CMS Vulnerability CVE-2026-25544

CVE-2026-25544: Critical Payload CMS SQLi (CVSS 9.8) Exposes Admin Tokens

Do Son February 10, 2026

A massive security hole has been blown open in Payload, the popular “Next.js native CMS” designed to...

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation

Do Son December 30, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has officially sounded the alarm on a critical vulnerability in...

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory MongoBleed, CVE-2025-14847

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory

Do Son December 29, 2025

Database administrators are facing a critical security emergency after the disclosure of a high-severity vulnerability in MongoDB,...

Critical Unauthenticated MongoDB Flaw Leaks Sensitive Data via zlib Compression MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

Critical Unauthenticated MongoDB Flaw Leaks Sensitive Data via zlib Compression

Do Son December 23, 2025

A critical vulnerability was disclosed in MongoDB, one of the world’s most popular NoSQL database platforms. The...

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve

Do Son September 22, 2025

Yarix’s Incident Response Team (YIR) has published an in-depth analysis of a targeted intrusion that leveraged an...

MySQL Servers Under Attack: Threat Actors Exploiting UDFs to Inject Gh0stRAT, XWorm & Zoho Agents MySQL Attacks, UDF Exploitation pREST, SQL injection

MySQL Attacks, UDF Exploitation pREST, SQL injection

MySQL Servers Under Attack: Threat Actors Exploiting UDFs to Inject Gh0stRAT, XWorm & Zoho Agents

Do Son June 19, 2025

Threat actors are ramping up attacks on poorly managed MySQL servers, particularly those running in Windows environments,...

Flaw in PostgreSQL JDBC Driver (CVE-2025-49146) Exposes Database Connections to MITM Attacks! PostgreSQL JDBC, MITM Vulnerability

Flaw in PostgreSQL JDBC Driver (CVE-2025-49146) Exposes Database Connections to MITM Attacks!

Do Son June 13, 2025

A recently disclosed vulnerability in the PostgreSQL JDBC Driver (PgJDBC) could allow attackers to intercept database connections...

Stealthy Data Theft: Hackers Use Legitimate DB Client Tools for Exfiltration

Do Son May 25, 2025

In recent breach incidents, threat actors have evolved their methods beyond traditional intrusion tactics, now opting for...

Pgpool-II Hit by Critical CVE-2025-46801: CVSS 9.8 Risk Lets Attackers Bypass Authentication Pgpool-II, authentication bypass

Pgpool-II Hit by Critical CVE-2025-46801: CVSS 9.8 Risk Lets Attackers Bypass Authentication

Do Son May 16, 2025

The PgPool Global Development Group has issued a high-severity security advisory for Pgpool-II, a widely used middleware...

Critical Misconfiguration in Bitnami Pgpool Enables Unauthenticated PostgreSQL Access (CVE-2025-22248) Pgpool, Unauthenticated Access

Critical Misconfiguration in Bitnami Pgpool Enables Unauthenticated PostgreSQL Access (CVE-2025-22248)

Do Son May 14, 2025

A critical security vulnerability has been identified in the Bitnami Pgpool-II Docker image and the bitnami/postgres-ha Kubernetes...

Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0) ADOdb, SQL Injection

Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0)

Do Son May 5, 2025

A critical security flaw has been disclosed in ADOdb, the widely-used PHP database abstraction library with over...

CVE-2025-46619: LFI Vulnerability Affects Multiple Versions of Couchbase Server for Windows Couchbase Server, Local File Inclusion

CVE-2025-46619: LFI Vulnerability Affects Multiple Versions of Couchbase Server for Windows

Do Son May 2, 2025

Couchbase Server, a widely-used NoSQL document database engineered for high-performance, interactive applications, disclosed a serious security flaw....

Critical Alert 1 Active Exploit Detected Today