PT-2026-44128

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.63.0 Description SQLChatAgent executes SQL produced by a Large Language Model LLM, which can be influenced by prompt injection. When configured with a database role possessing privileges for code execution or...

CVE-2026-42425

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

EUVD-2026-31834

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

CVE-2026-42097

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

PT-2026-41893

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Authentication is required based on the requested URL. An attacker can bypass this check by omitting the model query parameter and providing the model name only within the...

CVE-2026-0242

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

CVE-2026-43937

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...

CVE-2026-43937

Summary: CVE-2026-43937 affects YetAnotherForum.NET (YAF.NET) prior to 4.0.5. An admin handler (OnPost… in /Admin/RunSql) can bypass authorization due to PageSecurityCheckAttribute executing after the handler, allowing arbitrary SQL execution via IDbAccess.RunSql when a low-privileged user posts ...

CVE-2026-43937 YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...

CVE-2026-5394

An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3...

CVE-2026-33324 SQLBot prompt injection allows arbitrary SQL execution and remote code execution

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...

CVE-2026-33324

SQLBot’s Text-to-SQL prompt injection vulnerability affects versions 1.7.0 and earlier, where the user’s question is concatenated into the LLM prompt and the resulting SQL is executed without validation. An authenticated attacker can craft a malicious query to coerce the LLM into generating and r...

EUVD-2026-27178

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

CVE-2026-35228

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

CVE-2026-35228

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

CVE-2026-35228

CVE-2026-35228 affects Oracle MCP Server Helper Tool (Oracle Open Source Projects) with vulnerable versions 1.0.1–1.0.156. An unauthenticated attacker can reach the server over HTTP and, according to the description, could cause the tool to execute malicious SQL. The Connected documents provide t...

PT-2026-37308

Name of the Vulnerable Software and Affected Versions YetAnotherForum.NET YAF.NET versions prior to 4.0.5 Description An authorization bypass exists because the PageSecurityCheckAttribute is implemented as a ResultFilterAttribute, which executes after the page handler completes. Consequently, any...

PT-2026-36964

Name of the Vulnerable Software and Affected Versions Oracle MCP Server Helper Tool versions 1.0.1 through 1.0.156 Description An unauthenticated attacker with network access via HTTP can compromise the Oracle MCP Server Helper Tool. This issue allows the execution of malicious SQL, a technique...