Lucene search
K

96 matches found

OSV
OSV
added 3 days ago5 views

PYSEC-2026-323 DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.6 views

CVE-2026-4505

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS6AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-4504

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 9:31 p.m.3 views

EUVD-2026-13804

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/03/20 8:16 p.m.3 views

CVE-2026-4505

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:2 p.m.3 views

CVE-2026-4505

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS6AI score0.00201EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/20 8:2 p.m.23 views

CVE-2026-4505 eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 8:2 p.m.3 views

CVE-2026-4505 eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function moduleplugin.refreshplugins of the file packages/dbgpt-serve/src/dbgptserve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible ...

6.5CVSS6AI score0.00201EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/20 8:2 p.m.25 views

CVE-2026-4504 eosphoros-ai db-gpt Incomplete Fix editor sql injection

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

7.5CVSS0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 8:2 p.m.5 views

CVE-2026-4504 eosphoros-ai db-gpt Incomplete Fix editor sql injection

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:2 p.m.2 views

CVE-2026-4504

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/03 7:42 a.m.13 views

CVE-2026-3409

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5CVSS5.7AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 5:16 a.m.8 views

CVE-2026-3409

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5CVSS0.00328EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/02 4:2 a.m.32 views

CVE-2026-3409 eosphoros-ai db-gpt Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injection

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5CVSS0.00328EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/02 4:2 a.m.5 views

EUVD-2026-9142

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5CVSS5.7AI score0.00328EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/02 4:2 a.m.5 views

CVE-2026-3409

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5CVSS6.8AI score0.00328EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/02 4:2 a.m.4 views

CVE-2026-3409 eosphoros-ai db-gpt Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injection

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5CVSS6.8AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.8 views

PT-2026-22540

Name of the Vulnerable Software and Affected Versions eosphoros-ai db-gpt version 0.7.5 Description A security flaw exists in eosphoros-ai db-gpt version 0.7.5 related to code injection. The issue is located in the function importlib.machinery.SourceFileLoader.exec module within the file...

7.5CVSS7AI score0.00328EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7084

Malicious code in bioql PyPI...

8.2CVSS8.3AI score0.0067EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22349

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00325EPSS
Exploits2References2
Rows per page
Query Builder