Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

46033 matches found

CVE
CVEadded 2026/03/30 12:0 a.m.8 views

CVE-2026-33643

CVE-2026-33643 affects SchemaHero 0.23.0 with a SQL Injection flaw in the MySQL plugin path: the column.go processing in plugins/mysql/lib/column.go improperly handles the column parameter, allowing malicious input to alter table schema. Connected sources also describe similar risks in the Postgr...

7.4CVSS6AI score0.00192EPSS
Exploits1References2Affected Software1
Snyk
Snykadded 2026/03/27 8:22 p.m.4 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2
Snyk
Snykadded 2026/03/27 8:22 p.m.5 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/03/27 5:9 p.m.4 views

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

8.1CVSS6AI score0.00442EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/27 5:9 p.m.4 views

CVE-2026-33468

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS6.1AI score0.00419EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2026/03/27 12:0 a.m.4 views

Oracle Linux 8 : mysql:8.0 (ELSA-2026-5580)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-5580 advisory. mecab 0.996-2.12 - Bump version for 'mysql' module rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo -...

6.5CVSS7.1AI score0.00337EPSS
Exploits0References7
NVD
NVDadded 2026/03/26 5:16 p.m.4 views

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

8.1CVSS0.00442EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/03/26 5:3 p.m.19 views

CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS0.00419EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/26 5:3 p.m.1 views

CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS6AI score0.00419EPSS
Exploits1References1
OSV
OSVadded 2026/03/26 5:3 p.m.2 views

CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...

8.1CVSS6.1AI score0.00419EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/03/26 5:1 p.m.2 views

CVE-2026-33442 Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

8.1CVSS5.9AI score0.00442EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/26 5:1 p.m.4 views

CVE-2026-33442

Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...

8.1CVSS5.9AI score0.00442EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/03/26 5:1 p.m.11 views

CVE-2026-33442

CVE-2026-33442 affects Kysely (TypeScript SQL query builder). In versions 0.28.12 and 0.28.13, the sanitizer for string literals only escapes single quotes, not backslashes, which under MySQL with BACKSLASH_ESCAPES can allow bypassing escaping in JSON path keys. This enables SQL injection via the...

8.1CVSS5.9AI score0.00442EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/03/26 3:3 p.m.5 views

CVE-2026-30849

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...

9.8CVSS6AI score0.00413EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:3 p.m.4 views

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

8.8CVSS6.2AI score0.00299EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:3 p.m.3 views

CVE-2026-32763

Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...

8.2CVSS6AI score0.00419EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:2 p.m.2 views

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

8.7CVSS6AI score0.00427EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2026/03/26 12:0 a.m.4 views

AlmaLinux 9 : mysql:8.4 (ALSA-2026:5640)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:5640 advisory. mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21948 mysql: InnoD...

6.5CVSS6AI score0.00337EPSS
Exploits0References8
OSV
OSVadded 2026/03/25 10:15 a.m.5 views

RHSA-2026:5640 Red Hat Security Advisory: mysql:8.4 security update

Bulletin has no description...

6.5CVSS7AI score0.00337EPSS
Exploits0References29
OSV
OSVadded 2026/03/25 10:15 a.m.5 views

RHSA-2026:5580 Red Hat Security Advisory: mysql:8.0 security update

Bulletin has no description...

6.5CVSS7AI score0.00337EPSS
Exploits0References29
Rows per page
Query Builder