
19 matches found

Packet Storm News
added 2026/04/28 12:0 a.m., 3 views

Towards Agentic Investigation of Security Alerts

Security analysts are overwhelmed by the volume of alerts and the low context provided by many detection systems. Early-stage investigations typically require manual correlation across multiple log sources, a task that is usually time-consuming. In this paper, we present an experimental, agentic...

AI score 5.8
Exploits 0
NVD
added 2026/03/16 3:16 p.m., 2 views

CVE-2025-52646

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

CVSS 5.3, EPSS 0.00147
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:22 a.m., 1 views

CVE-2021-22101

Cloud Controller versions prior to 1.118.0 are vulnerable to an unauthenticated denial of service (DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query...

CVSS 7.5, AI score 7.5, EPSS 0.00972
Exploits 0, References 1
BDU FSTEC
added 2025/07/10 12:0 a.m., 3 views

The vulnerability of the software for remote IT support and monitoring of Dell Secure Connect Gateway (SCG) arises from the lack of protective measures for the SQL query structure. This allows attackers to disclose sensitive information that should be protected.

The vulnerability of software for remote IT support and monitoring of Dell Secure Connect Gateway SCG is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow attackers to disclose sensitive information...

CVSS 2.3, AI score 5.6, EPSS 0.00182
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2025/06/18 12:0 a.m., 2 views

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary SQL...

CVSS 8.7, AI score 6, EPSS 0.02603
Exploits 1, References 4, Affected Software 1
BDU FSTEC
added 2025/06/05 12:0 a.m., 1 views

The vulnerability of the DuckDBVectorStore class in the LlamaIndex framework for working with large language models allows a hacker to execute arbitrary code.

The vulnerability of the DuckDBVectorStore class in the LlamaIndex framework for working with large language models involves a lack of protection for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 10, AI score 8.2, EPSS 0.00705
Exploits 1, References 3, Affected Software 1
BDU FSTEC
added 2025/04/25 12:0 a.m., 2 views

The vulnerability of the UpdateConnectionVariablesWithImport method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the UpdateConnectionVariablesWithImport method in software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

CVSS 9, AI score 5.6, EPSS 0.00604
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2025/03/05 12:0 a.m., 2 views

The vulnerability in the virtual learning environment Moodle, related to the lack of measures to protect the SQL query structure, allows attackers to gain unauthorized access to protected information.

The vulnerability in the virtual training environment Moodle is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information by sending a specially...

CVSS 10, AI score 7.6, EPSS 0.0042
Exploits 0, References 4, Affected Software 2
BDU FSTEC
added 2025/01/20 12:0 a.m., 4 views

The vulnerability of PowerStore T OS’ microprogramming software lies in the lack of protective measures for SQL query structures. This allows attackers to gain access to read, modify, or delete data, or execute arbitrary commands.

The vulnerability of the microprogramming software in the PowerStore data storage system’s T OS lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain access to read, modify, or delete data, or to execute arbitrary...

CVSS 9, AI score 6
Exploits 0, References 5, Affected Software 1
OSV
added 2025/01/14 1:15 a.m., 1 views

UBUNTU-CVE-2024-57650

An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5, AI score 5.9, EPSS 0.0088
Exploits 1, References 3
BDU FSTEC
added 2024/12/27 12:0 a.m., 1 views

Vulnerability of the SMB microprogramming network device service on QNAP, allowing attackers to execute arbitrary code

The vulnerability of the SMB microprogramming network device software in QNAP is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10, AI score 8.2, EPSS 0.1005
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2023/11/09 12:0 a.m., 3 views

The vulnerability of the NotificationX plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the NotificationX plugin in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 10, AI score 8.1, EPSS 0.34359
Exploits 2, References 2, Affected Software 1
BDU FSTEC
added 2023/10/06 12:0 a.m., 4 views

The vulnerability of TIBCO EBX asset management software lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary SQL queries.

The vulnerability of TIBCO EBX asset management software lies in the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9, AI score 8, EPSS 0.00608
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2022/07/22 12:0 a.m., 3 views

The vulnerability of Firefox browser for iOS lies in the lack of protection for SQL query structures, allowing attackers to execute arbitrary SQL commands.

The vulnerability of Firefox browser for iOS is related to the lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to send specially crafted data to the application and execute arbitrary SQL commands remotely...

CVSS 6.5, AI score 8.2, EPSS 0.00581
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2022/07/18 12:0 a.m., 4 views

The vulnerability of the ePolicy Orchestrator antivirus software McAfee Agent allows a violator to execute arbitrary commands.

The vulnerability of the ePolicy Orchestrator anti-virus software McAfee Agent relates to the failure to take measures to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted SQL queries...

CVSS 9, AI score 7.6, EPSS 0.00909
Exploits 0, References 5, Affected Software 1
CNNVD
added 2022/05/06 12:0 a.m., 4 views

Broadcom Brocade SANnav SQL injection vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions prior to 2.2.0, which can be exploited by an attacker to execute arbitrary SQL commands...

CVSS 9.8, AI score 8.8, EPSS 0.00855
Exploits 0, References 3
BDU FSTEC
added 2022/01/04 12:0 a.m., 3 views

The vulnerability of the sequelize.json() ORM library for applications like Sequelize allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the sequelize.json ORM library for applications like Sequelize is related to the lack of protection for SQL query structures. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and availability of the protected informati...

CVSS 10, AI score 7.9, EPSS 0.01462
Exploits 1, References 3, Affected Software 1
BDU FSTEC
added 2021/12/09 12:0 a.m., 2 views

The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers involves incorrect processing of the name_filter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending specially crafted SQL...

CVSS 7.8, AI score 6.9, EPSS 0.01144
Exploits 1, References 6
BDU FSTEC
added 2021/05/13 12:0 a.m., 3 views

The vulnerability of the implementation of the SSL VPN micro-programming software for network interfaces of the SMA 100 series, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of the implementation of the SSL VPN micro-programming system for network interfaces of SONICWALL series SMA 100 is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...

CVSS 9.8, AI score 8.2, EPSS 0.40038
Exploits 0, References 5, Affected Software 6