Lucene search
+L

97 matches found

CVE
CVE
added 2026/04/03 10:49 p.m.18 views

CVE-2026-34934

Summary: PraisonAI is affected by a second‑order SQL injection in the get_all_user_threads flow. The function builds raw SQL queries by interpolating unescaped thread IDs retrieved from the DB, enabling an attacker to inject via update_thread. When PraisonAI loads the thread list, the payload can...

9.8CVSS5.8AI score0.00533EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/03 10:49 p.m.19 views

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS0.00533EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 10:49 p.m.3 views

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS5.9AI score0.00533EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 10:49 p.m.2 views

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS6AI score0.00533EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/03 3:30 p.m.8 views

EUVD-2026-18651

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

8.1CVSS5.9AI score0.00309EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:30 p.m.10 views

Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

8.1CVSS5.9AI score0.00309EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 1:24 p.m.3 views

CVE-2026-25773

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

8.1CVSS5.9AI score0.00309EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/03 1:24 p.m.25 views

CVE-2026-25773 Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

8.1CVSS0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/03 1:24 p.m.2 views

CVE-2026-25773 Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

8.1CVSS5.9AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2026/04/03 1:24 p.m.20 views

CVE-2026-25773

CVE-2026-25773 — Focalboard 8.0 Second-Order SQL Injection in category reorder : The vulnerability arises from insufficient sanitization of category IDs used in dynamic SQL during category reordering. An authenticated attacker can store a malicious SQL payload in the category ID field, which is l...

8.1CVSS5.9AI score0.00309EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/03 1:24 p.m.3 views

CVE-2026-25773 Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

8.1CVSS6.1AI score0.00309EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.9 views

PT-2026-30041

Name of the Vulnerable Software and Affected Versions Focalboard version 8.0 Description Focalboard version 8.0 does not properly sanitize category IDs before using them in SQL queries when reordering categories. This can allow an attacker to inject malicious SQL code into the category ID field,...

8.1CVSS6AI score0.00309EPSS
Exploits0References9
OSV
OSV
added 2026/04/01 11:20 p.m.3 views

GHSA-9CQ8-3V94-434G PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`

Summary The getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, the injected payload executes and grants full database...

9.8CVSS6AI score0.00533EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/03/30 11:0 a.m.4 views

org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...

8.3CVSS6.1AI score0.00782EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/27 6:29 p.m.2 views

CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS6AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 6:29 p.m.2 views

CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS6AI score0.00197EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 6:29 p.m.23 views

CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 6:29 p.m.6 views

CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS6AI score0.00197EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.12 views

CVE-2026-29096

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...

8.1CVSS6.1AI score0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 2:9 a.m.25 views

CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS0.00279EPSS
Exploits1References2
Rows per page
Query Builder