
40 matches found

NVD
added 2026/03/23 7:16 p.m., 2 views

CVE-2026-33723

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Subscribe::save method in objects/subscribe.php concatenates the $this-usersid property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from...

7.1 CVSS, 0.00224 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-3818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py...

6.5 CVSS, 6.2 AI score, 0.00264 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2025/04/30 12:0 a.m., 7 views

Vulnerability of the PostgresDB._process_insert_query() function (file web/db.py), a web application creation framework by web.py, allowing attackers to execute arbitrary SQL commands

The vulnerability of the PostgresDB._process_insert_query function located in the web/db.py file of the web.py web framework is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands using the seqname...

6.5 CVSS, 7.1 AI score, 0.00264 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2025/04/19 8:15 p.m., 1 views

UBUNTU-CVE-2025-3818

A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.3 CVSS, 5.7 AI score, 0.00264 EPSS
Exploits: 0, References: 6

Snyk
added 2025/04/19 7:45 p.m., 1 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the _process_insert_query function in the PostgresDB class. An attacker who can control the tablename used in a query, which is passed to the seqname argument without escaping, can cause SQL to be executed. Remediation: The...

6.5 CVSS, 7.9 AI score, 0.00264 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2024/09/24 12:0 a.m., 5 views

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted INSERT query...

9 CVSS, 6 AI score, 0.00864 EPSS
Exploits: 1, References: 5, Affected Software: 1

BDU FSTEC
added 2024/09/24 12:0 a.m., 3 views

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted INSERT query...

9 CVSS, 6 AI score, 0.00864 EPSS
Exploits: 1, References: 5, Affected Software: 1

Github Security Blog
added 2024/09/12 3:33 p.m., 18 views

MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8 CVSS, 7.7 AI score, 0.00864 EPSS
Exploits: 1, References: 5, Affected Software: 1

Github Security Blog
added 2024/09/12 3:33 p.m., 18 views

MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8 CVSS, 7.6 AI score, 0.00864 EPSS
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2024/09/12 1:15 p.m., 19 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8 CVSS, 0.00864 EPSS
Exploits: 1, References: 1

OSV
added 2024/09/12 1:15 p.m., 20 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8 CVSS, 8.8 AI score
Exploits: 0, References: 1

NVD
added 2024/09/12 1:15 p.m., 13 views

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8 CVSS, 0.00864 EPSS
Exploits: 1, References: 1

NVD
added 2024/09/12 1:15 p.m., 36 views

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8 CVSS, 0.00864 EPSS
Exploits: 1, References: 1

OSV
added 2024/09/12 1:15 p.m., 14 views

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8 CVSS, 8.8 AI score
Exploits: 0, References: 1

PyPA
added 2024/09/12 1:15 p.m., 5 views

PYSEC-2024-80

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8 CVSS, 7.8 AI score, 0.00864 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2024/09/12 1:15 p.m., 23 views

PYSEC-2024-81

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8 CVSS, 8.8 AI score, 0.00864 EPSS
Exploits: 1, References: 3

OSV
added 2024/09/12 1:15 p.m., 31 views

PYSEC-2024-80

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8 CVSS, 8.8 AI score, 0.00864 EPSS
Exploits: 1, References: 3

OSV
added 2024/09/12 1:15 p.m., 18 views

PYSEC-2024-78

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the cod...

8.8 CVSS, 8.8 AI score, 0.00844 EPSS
Exploits: 1, References: 3

Vulnrichment
added 2024/09/12 1:1 p.m., 18 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8 CVSS, 7.7 AI score, 0.00864 EPSS
Exploits: 1, References: 1

CVE
added 2024/09/12 1:1 p.m., 51 views

CVE-2024-45851

CVE-2024-45851: MindsDB platform versions 23.10.5.0–24.7.4.1 are vulnerable when the Microsoft SharePoint integration is installed. For databases created with the SharePoint engine, an INSERT query can carry Python code which is passed to an eval function and executed on the server, enabling ar...

8.8 CVSS, 8.8 AI score, 0.00864 EPSS
Exploits: 1, References: 1, Affected Software: 1