Lucene search
K

141 matches found

GithubExploit
GithubExploit
added 2026/04/15 7:5 a.m.154 views

Exploit for SQL Injection in Dbgpt Db-Gpt

CVE-2025-51458-exp Pre-Auth SQL Injection in DB-GPThttps:/...

6.5CVSS6AI score0.00325EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2026/03/20 12:24 a.m.5 views

SUSE CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References3
NVD
NVD
added 2026/03/18 6:16 p.m.6 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS0.00325EPSS
Exploits1References3
OSV
OSV
added 2026/03/18 6:16 p.m.9 views

UBUNTU-CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/18 6:16 p.m.6 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.9AI score0.00325EPSS
Exploits1References4
OSV
OSV
added 2026/03/18 5:21 p.m.4 views

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS5.8AI score0.00325EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/18 5:21 p.m.5 views

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS5.8AI score0.00325EPSS
Exploits1References3
CVE
CVE
added 2026/03/18 5:21 p.m.48 views

CVE-2026-32611

CVE-2026-32611 describes a SQL injection in Glances’ DuckDB export module. The vulnerability arises because table/column names in DDL statements are interpolated from monitoring data via f-strings, while DuckDB INSERT values already use parameterized queries. The GHSA-x46r fix addressed Timescale...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/18 5:21 p.m.1 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 5:21 p.m.3 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS5.8AI score0.00325EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/18 5:21 p.m.23 views

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

7CVSS0.00325EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

glances 安全漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.3 contained security vulnerabilities. These vulnerabilities stemmed from the DuckDB export module, where table names and column names were directly inserted into SQL statements, potentially leading ...

9.1CVSS5.9AI score0.00325EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-32611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by...

9.1CVSS5.3AI score0.00325EPSS
Exploits1References3
OSV
OSV
added 2026/03/16 4:34 p.m.5 views

GHSA-49G7-2WW7-3VF5 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Summary The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module glances/exports/glancesduckdb/init.py was not included in this fix...

7CVSS5.9AI score0.00325EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/16 4:34 p.m.7 views

Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Summary The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module glances/exports/glancesduckdb/init.py was not included in this fix...

9.1CVSS5.9AI score0.00325EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-25849

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances, a system cross-platform monitoring tool, contains a SQL injection issue in the DuckDB export module. The TimescaleDB export module was previously fixed for SQL injection by using parameteriz...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References24
Veracode
Veracode
added 2025/12/13 7:19 a.m.12 views

SQL Injection

llamaindex is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries without prepared statements in the duckdbretriever component, which allows an attacker to inject arbitrary SQL commands and execute malicious code...

9.8CVSS7.5AI score0.01311EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/13 7:24 a.m.6 views

CVE-2025-64429

A vulnerability was found in DuckDB’s database encryption design. In certain situations, DuckDB could generate encryption keys using a weak random number generator, fail to reliably wipe keys from memory, accept manipulated database headers that disable integrity protection, or miss detecting...

6.9CVSS6.6AI score0.00108EPSS
Exploits0References7
OSV
OSV
added 2025/11/12 10:15 p.m.9 views

PYSEC-2025-112

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.5CVSS5.8AI score0.00108EPSS
Exploits0References4
NVD
NVD
added 2025/11/12 10:15 p.m.8 views

CVE-2025-64429

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS0.00108EPSS
Exploits0References4
Rows per page
Query Builder