Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.17 views

PT-2026-37219

Name of the Vulnerable Software and Affected Versions SQLBot versions prior to 1.7.1 Description The Text2SQL chat interface is susceptible to prompt injection. The question parameter is concatenated into the Large Language Model LLM prompt without filtering or escaping, and the resulting SQL is...

9.4CVSS6.7AI score0.00603EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/02/18 10:47 p.m.4 views

CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...

5.7CVSS5.7AI score0.0022EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/18 9:1 p.m.6 views

CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

5.7CVSS5.6AI score0.0022EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/06/09 12:0 a.m.7 views

WordPress CozyStay Theme < 1.7.1 is vulnerable to PHP Object Injection

Software CozyStay Type Theme Vulnerable versions 1.7.1 Fixed in 1.7.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49507 Patch priority High CVSS severity High 9.8 Developer LoftOcean PSID 87cadbf62283 Credits Bonds Required privilege Unauthenticated Published 9 Jun...

9.8CVSS7.2AI score0.00509EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder