248 matches found
CVE-2026-33324
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...
CVE-2026-33324 SQLBot prompt injection allows arbitrary SQL execution and remote code execution
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...
CVE-2026-33324
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...
CVE-2026-33324 SQLBot prompt injection allows arbitrary SQL execution and remote code execution
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...
EUVD-2026-27446
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...
CVE-2026-33324
SQLBot’s Text-to-SQL prompt injection vulnerability affects versions 1.7.0 and earlier, where the user’s question is concatenated into the LLM prompt and the resulting SQL is executed without validation. An authenticated attacker can craft a malicious query to coerce the LLM into generating and r...
Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`
Diesel allows users to configure various options for PostgreSQL's COPY FROM and COPY TO statements. These configurations are partially provided as strings or characters. Diesel did not check if any these user-provided options contain a quote character ', which can lead to the injection of...
RUSTSEC-2026-0136 Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`
Diesel allows users to configure various options for PostgreSQL's COPY FROM and COPY TO statements. These configurations are partially provided as strings or characters. Diesel did not check if any these user-provided options contain a quote character ', which can lead to the injection of...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013866)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013866 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: Revert atmaccounttx if copyfromiterfull fails. In vccsendmsg, we account skb-truesize to...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013644)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013644 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC III Anthony Yznaga track...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011367)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011367 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for Niagara The referenced commit...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011364 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC The referenced commit...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011214)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011214 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC III Anthony Yznaga track...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011070)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011070 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: fix a memleak in multitransactionnew In multitransactionnew, the variable t is not free...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012998)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012998 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for Niagara The referenced commit...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007248)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007248 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 binder: avoid potential dat...
OESA-2026-1760 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005702)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005702 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that doreplace handler...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modified the return value check. The return value of copyfromiter and copytoiter cannot be negative; it is necessary to check whether the copied lengths are equal...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: sparc: fixed inaccurate exception reporting in copyfromtouser for UltraSPARC. The referenced commit introduced exception handlers for user-space memory references in copyfromuser and copytouser. These handlers return from the...