2295 matches found
CVE-2026-4597
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...
CVE-2026-4593
A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...
EUVD-2026-14390
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The...
CVE-2026-4571
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewpayments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results in sql injection...
CVE-2026-4540 projectworlds Online Notes Sharing System Parameters login.php sql injection
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...
CVE-2026-4537
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...
CVE-2026-4516
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2026-4516 Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2026-4516 Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2026-4511 vanna-ai vanna legacy exec injection
A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...
PT-2026-26885
A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...
CVE-2026-4507
A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function askdb of the file mindsql/core/mindsqlcore.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2026-4507 Mindinventory MindSQL mindsql_core.py ask_db sql injection
A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function askdb of the file mindsql/core/mindsqlcore.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...
EUVD-2026-13802
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generatedf of the file backend/app/ai/codeexecution/codeexecution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-4500
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generatedf of the file backend/app/ai/codeexecution/codeexecution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-4500 bagofwords1 bagofwords code_execution.py generate_df injection
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generatedf of the file backend/app/ai/codeexecution/codeexecution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-4500 bagofwords1 bagofwords code_execution.py generate_df injection
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generatedf of the file backend/app/ai/codeexecution/codeexecution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-4500
Summary: CVE-2026-4500 affects bagofwords1 bagofwords (up to 0.0.297). The vulnerability targets the function generate_df in backend/app/ai/code_execution/code_execution.py, enabling injection via manipulation of inputs. The attack could be launched remotely and an exploit is publicly available. ...
CVE-2026-4500
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generatedf of the file backend/app/ai/codeexecution/codeexecution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-4485
A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/searchstudent.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...