Lucene search
+L

503 matches found

vulnrichment
vulnrichment
added 2026/06/15 6:54 p.m.9 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.7AI score0.00254EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 6:54 p.m.64 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS0.00254EPSS
Exploits0References1
spring
spring
added 2026/06/12 12:0 a.m.14 views

cve-2026-47835 - HIGH - Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

cve-2026-47835 - HIGH - Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores...

8.6CVSS6.1AI score0.00254EPSS
Exploits0
snyk
snyk
added 2026/06/12 12:0 a.m.11 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...

8.8CVSS5.7AI score0.00254EPSS
Exploits0References2
euvd
euvd
added 2026/06/10 2:31 p.m.12 views

EUVD-2026-36050

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.32 views

PT-2026-48453

A missing authentication check on the Aix‑DB "/llm/process llm out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/09 11:48 a.m.18 views

CVE-2017-20249 WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

8.8CVSS6.1AI score0.00295EPSS
Exploits0References3
euvd
euvd
added 2026/06/09 11:48 a.m.11 views

EUVD-2016-10876

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...

7.1CVSS6AI score0.00221EPSS
Exploits0References5
nvd
nvd
added 2026/06/09 1:16 a.m.16 views

CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS0.00148EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.10 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from the upload limit imposed on form definition files. This limit can be bypassed by using mixed uppercase and lowercase file extensions, allowing...

7.6CVSS6AI score0.00253EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.12 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Security vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed fr...

7.6CVSS6.1AI score0.00238EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.20 views

PT-2026-47770

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/07 12:43 a.m.16 views

CVE-2026-45779

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and...

9.8CVSS6AI score0.00479EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.15 views

CVE-2026-29090

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS6.4AI score0.00301EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41641

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords e.g., pgreadfile, LOADFILE, dblink is applied on the collections:create and...

7.2CVSS5.8AI score0.01833EPSS
Exploits1References1
euvd
euvd
added 2026/06/04 1:22 p.m.15 views

EUVD-2019-20168

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References3
redhat
redhat
added 2026/06/03 2:53 p.m.4 views

postgresql: PostgreSQL: Arbitrary SQL execution via SQL injection in logical replication

A flaw was found in PostgreSQL. This SQL injection vulnerability exists within the logical replication feature, specifically when using the ALTER SUBSCRIPTION ... REFRESH PUBLICATION command. A malicious subscriber table creator can exploit this flaw to execute arbitrary SQL commands with the...

8.8CVSS6.2AI score0.0018EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/01 9:0 p.m.10 views

CVE-2018-25434 WP AutoSuggest 0.24 SQL Injection via autosuggest.php

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...

8.8CVSS6.1AI score0.00341EPSS
Exploits0References4
cve
cve
added 2026/06/01 9:0 p.m.21 views

CVE-2018-25428

Technical details are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6.2AI score0.00341EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.11 views

Nextcloud Tables SQL注入漏洞

NextCloud Tables is an open-source table-based application developed by NextCloud. Versions of NextCloud Tables from 0.7.0 to 0.7.7, 0.8.0 to 0.8.10, 0.9.0 to 0.9.8, and 1.0.0 to 1.0.4 have SQL injection vulnerabilities. These vulnerabilities stem from stored injection attacks, allowing...

8.2CVSS6.2AI score0.00318EPSS
Exploits0References3
Rows per page
Query Builder