Lucene search
+L

248 matches found

NVD
NVD
added 2026/05/05 8:16 p.m.9 views

CVE-2026-33324

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...

9.4CVSS0.00603EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/05 7:9 p.m.46 views

CVE-2026-33324 SQLBot prompt injection allows arbitrary SQL execution and remote code execution

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...

9.4CVSS0.00603EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:9 p.m.7 views

CVE-2026-33324

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...

9.4CVSS6.6AI score0.00603EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 7:9 p.m.8 views

CVE-2026-33324 SQLBot prompt injection allows arbitrary SQL execution and remote code execution

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...

9.4CVSS6.6AI score0.00603EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/05 7:9 p.m.11 views

EUVD-2026-27446

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...

9.4CVSS6.6AI score0.00603EPSS
Exploits2References1
CVE
CVE
added 2026/05/05 7:9 p.m.19 views

CVE-2026-33324

SQLBot’s Text-to-SQL prompt injection vulnerability affects versions 1.7.0 and earlier, where the user’s question is concatenated into the LLM prompt and the resulting SQL is executed without validation. An authenticated attacker can craft a malicious query to coerce the LLM into generating and r...

9.4CVSS6.6AI score0.00603EPSS
Exploits2References1Affected Software1
RustSec
RustSec
added 2026/04/24 12:0 p.m.14 views

Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`

Diesel allows users to configure various options for PostgreSQL's COPY FROM and COPY TO statements. These configurations are partially provided as strings or characters. Diesel did not check if any these user-provided options contain a quote character ', which can lead to the injection of...

5.8AI score
Exploits0Affected Software1
OSV
OSV
added 2026/04/24 12:0 p.m.6 views

RUSTSEC-2026-0136 Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`

Diesel allows users to configure various options for PostgreSQL's COPY FROM and COPY TO statements. These configurations are partially provided as strings or characters. Diesel did not check if any these user-provided options contain a quote character ', which can lead to the injection of...

5.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013866)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013866 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: Revert atmaccounttx if copyfromiterfull fails. In vccsendmsg, we account skb-truesize to...

5.5CVSS5.5AI score0.00164EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.9 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013644 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC III Anthony Yznaga track...

5.7AI score0.00207EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011367)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011367 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for Niagara The referenced commit...

5.6AI score0.00211EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011364)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011364 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC The referenced commit...

5.6AI score0.00211EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011214)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011214 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC III Anthony Yznaga track...

5.6AI score0.00207EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011070)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011070 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: fix a memleak in multitransactionnew In multitransactionnew, the variable t is not free...

5.9AI score0.00216EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.8 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012998)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012998 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for Niagara The referenced commit...

5.6AI score0.00211EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.14 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007248 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 binder: avoid potential dat...

5.5CVSS6.1AI score0.00423EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 2:6 p.m.9 views

OESA-2026-1760 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug...

8.8CVSS6.7AI score0.0071EPSS
Exploits10References123
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005702)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005702 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that doreplace handler...

5.5CVSS5.6AI score0.0023EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modified the return value check. The return value of copyfromiter and copytoiter cannot be negative; it is necessary to check whether the copied lengths are equal...

6.1AI score0.00197EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: sparc: fixed inaccurate exception reporting in copyfromtouser for UltraSPARC. The referenced commit introduced exception handlers for user-space memory references in copyfromuser and copytouser. These handlers return from the...

6.1AI score0.00211EPSS
Exploits0References3
Rows per page
Query Builder