CVE

CVE-2026-6887

0field notes · 1digest CVSS 9.8

Daily digests

Borg SPM 2007 has an unauthenticated SQL injection bug that lets a remote attacker read, modify, or delete anything in the database. No credentials needed. CVSS 9.8. This product's sales ended in 2008, so there will be no patch.

Daily Digest · Apr 23, 2026
Paperclip RCE is a perfect 10, patch or block now

CVE-2026-6887

Paperclip RCE is a perfect 10, patch or block now