Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Veracode
Veracodeadded 2025/12/13 6:8 a.m.4 views

Arbitrary SQL Execution

Neuron is vulnerable to arbitrary SQL execution. The vulnerability is due to the MySQLWriteTool executing caller‑provided SQL using PDO::prepare and execute without semantic restrictions, where an attacker can inject destructive statements such as DROP TABLE, TRUNCATE, DELETE, or ALTER via...

9.4CVSS6.1AI score0.00103EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVEadded 2025/12/11 11:4 p.m.3 views

CVE-2025-67510

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...

9.4CVSS7.9AI score0.00103EPSS
Exploits0References1
OSV
OSVadded 2025/12/10 10:55 p.m.0 views

CVE-2025-67510 MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...

9.4CVSS7.8AI score0.00103EPSS
Exploits0References5
CVE
CVEadded 2025/12/10 10:55 p.m.7 views

CVE-2025-67510

Neuron is a PHP framework for AI Agents. Versions 2.8.11 and earlier have a vulnerability in the MySQLWriteTool that can execute arbitrary SQL provided by the caller via PDO::prepare() and execute(), without semantic restrictions. In an LLM/agent context this enables prompt injection or indirect ...

9.4CVSS7.5AI score0.00103EPSS
Exploits0References3Affected Software1
CNNVD
CNNVDadded 2025/12/10 12:0 a.m.2 views

Neuron 访问控制错误漏洞

Neuron is an Industrial Internet of Things IIoT connectivity server open-sourced by EMQ. Used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. An Access Control Error vulnerability exists in Neuron 2.8.11 and earlier versions, which stems from a lack of semantic...

9.4CVSS7.2AI score0.00103EPSS
Exploits0References4
OSV
OSVadded 2025/12/09 5:19 p.m.2 views

GHSA-898V-775G-777C Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)

Impact MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...

9.4CVSS7.8AI score0.00103EPSS
Exploits0References5
Rows per page
Query Builder